Data Privacy Competency Program

Module 1: Understanding the Philippine Privacy Law Framework

1. The Right to Privacy as a Constitutional Right
2. Data Privacy Regulatory Framework in the Philippines
   1. Republic Act No. 10173 or the Data Privacy Act of 2012 (DPA) and its IRR
   2. Issuances from the National Privacy Commission

Module 2: Concepts in the Data Privacy Act

1. Personal Data
   1. Personal Information
   2. Sensitive Personal Information
2. Persons Involved in Processing Personal Data
   1. Data Subject
   2. Personal Information Controller (PIC)
   3. Personal Information Processor (PIP)
3. Obligations of PICs

Module 3: General Privacy Principles

1. Transparency
2. Legitimate Purpose
3. Proportionality
4. Fairness
5. Data Minimization
6. Accuracy
7. Accountability

Module 4: Lawful Criteria to Process

1. Criteria for Lawful Processing of Personal Information
   1. Consent
   2. Contract
   3. Compliance with a Legal Obligation
   4. Vital Interests
   5. National Emergency or Function of Public Authority
   6. Legitimate Interests
2. Criteria for Lawful Processing of Sensitive Personal Information
   1. Consent
   2. Existing Law and Regulation
   3. Protection of Life and Health
   4. Public Organizations
   5. Medical Treatment
   6. Protection of Lawful Rights and Interests
3. Consent
4. Legitimate Interest

Module 5: Data Subject Rights

1. Right to be Informed
2. Right to Access
3. Right to Object
4. Right to Erasure or Blocking
5. Right to Rectify
6. Right to File a Complaint
7. Right to Damages
8. Right to Data Portability

Module 6: Penalties and Liabilities

1. Criminal Penalties
2. Extent of Liability of Responsible Officers if the Violator is a Juridical Person
3. Administrative Fines

Module 7: Data Breach Management

1. The Incident Response Life Cycle
2. Before the Data Breach
3. The Data Breach