DPO Registration is the process by which a Personal Information Controller (PIC) or Personal Information Processor (PIP) provides the National Privacy Commission (NPC) with relevant information regarding its data protection officer.
The Registration system is one of the means by which the National Privacy Commission can ensure and monitor compliance of personal information controllers and personal information processors with the Data Privacy Act of 2012. It also assists both the NPC and those involved in the processing of personal data in upholding the rights of data subjects.
A PIC or PIP shall register if it is processing personal data and operating in the country under any of the following conditions:
Follow the registration process found here.
A. For organizations
For purposes of registration, you are only required to scan the DPO Form and its attachments and send the scanned documents to:here. You are, however, required to keep original copies within your premises in case the Commission directs the submission of physical copies as proof of compliance.
Once you submit the DPO Form and its supporting documents to the Commission, you will receive an email acknowledging receipt of your submission.
(Note: The acknowledgement email does not mean that the documents submitted are complete.)
The Commission will review and validate the submitted documents to ensure compliance with the registration requirements.
For complete and accurate submission: The Commission will send an email stating that you have successfully completed your DPO Registration and that you may now request for your certificate of registration.
For incomplete or submitted documents with issues: The Commission will send you an email or give you a call to provide instructions on how you will complete the registration.
The Commission has yet to determine a schedule of fines and penalties for organizations and individuals who have failed to register.
Such failure to register, however, shall be considered by the Commission in the conduct of compliance checks in accordance with NPC Circular 18-02
and in case of occurrence of security breaches prior to registration.
If you have yet to register, follow the registration process found here.
Yes. Once an entity’s registration information becomes incomplete, inaccurate or outdated, it must amend or revise such registration information accordingly.
To amend or update an entity’s registration information, the steps to follow are:
The Commission has yet to determine a schedule of reasonable fees for registration, renewal, and other purposes to recover administrative costs.
No. Companies are required to register only if they are processing personal data and operating in the country under the conditions set forth under NPC Circular 17-01. For further details please refer to Q3.
The DPO Form file is best viewed with a PDF or Adobe Reader, and not Google Chrome. Do not edit the form using any browser to avoid errors.
No need to send any request for cancellation. You may opt to wait for your registration validity to end and not submit any renewal request.
The validity of your registration will be extended to March 8, 2020. The extension means that all organizations who are currently registered need not file an application for renewal as required by NPC Circular 17-01 (Section 17).
Yes, the validity of the registration of organizations who have completed DPO Registration are deemed extended to March 8, 2020.
We will communicate updates on when DPS Registration will resume. In the meantime, once the Commission validates that you have submitted the fully accomplished DPO Form and the required documents, you are considered registered.
There will be no need to file an application for renewal. You may also request for a digital Certificate of Registration.
Yes. Follow the instructions found in Q24.
We will communicate updates on when DPS registration will resume.
No, but we will communicate updates on when DPS registration will resume. You are, however, advised to document the changes made to your DPS for record-keeping purposes.
We are now issuing digital Certificates of Registration. To send a request, please follow the instructions found in Q24.
The validity of all approved registrations for common DPO will be extended to March 8, 2020. The extension means that all organizations who are currently registered need not file an application for renewal as required by NPC Circular 17-01 (Section 17).
Send an email request to [email protected] Please note that in this request you are required to use the DPO email address indicated in your registration.
Use the subject line: Name of Organization or Individual Professional_Request for Certificate of Registration
Your email request must contain the following details:
For Individual Professional:
Yes. Follow the instructions found in Q24.
Yes, having a digital Certificate of Registration issued in your favor has the same effect and weight as receiving a printed copy. If you wish to verify the authenticity of the digital certificate, you may contact our Compliance and Monitoring Division.
You may contact the Compliance and Monitoring Division at:
Email Address: [email protected]gov.ph
Phone Number: (02)8234-2228 local 118
Mobile Number: +639451534299 TNT / +639652863419 TM