FAQs : REGISTRATION for INDIVIDUALS AND ORGANIZATIONS

Answer

DPO Registration is the process by which a Personal Information Controller (PIC) or Personal Information Processor (PIP) provides the National Privacy Commission (NPC) with relevant information regarding its data protection officer.

Answer

The Registration system is one of the means by which the National Privacy Commission can ensure and monitor compliance of personal information controllers and personal information processors with the Data Privacy Act of 2012. It also assists both the NPC and those involved in the processing of personal data in upholding the rights of data subjects.

Answer

A PIC or PIP shall register if it is processing personal data and operating in the country under any of the following conditions:

1. the PIC or PIP employs at least two hundred fifty (250) employees;
2. the processing includes sensitive personal information of at least one thousand (1,000) individuals;
3. the processing is likely to pose a risk to the rights and freedoms of data subjects. Processing operations that pose a risk to data subjects include those that involve:
1. Information that would likely affect national security, public safety, public order, or public health;
2. Information required by applicable laws or rules to be confidential;
3. Vulnerable data subjects like minors, the mentally ill, asylum seekers, the elderly, patients, those involving criminal offenses, or in any other case where an imbalance exists in the relationship between a data subject and a PIC or PIP;
4. Automated decision-making; or
5. Profiling;
4. the processing is not occasional and constitutes a core activity of a PIC or PIP, or is integral thereto. Data processing systems that involve automated decision-making shall, in all instances, be registered with the Commission. For all other data processing systems operating under the conditions set out in letter C and D, the Commission determined the specific sectors, industries, or entities that shall be covered by mandatory registration. To find out if your sector is included in the initial list please click here.

Answer

Follow the registration process found here.

Answer

A. For organizations

1. For government agencies:
1. Certified true copy of the Special/Office Order, or any similar document, designating or appointing the DPO of the PIC or PIP; and
2. Where applicable, a copy of the charter of the government entity, or any similar document identifying its mandate, powers, and/or functions.
2. For private entities:
1. Duly notarized Secretary’s Certificate authorizing the appointment or designation of DPO, or any other document that demonstrates the validity of the appointment or designation.
2. Certified true copy of any of the following documents, where applicable:
1. Certificate of Registration (SEC Certificate, DTI Certification of Business Name or Sole Proprietorship) or any similar document; and/or
2. Franchise, license to operate, or any similar document.

B. For individuals
No supporting documents are required.

Answer

For purposes of registration, you are only required to scan the DPO Form and its attachments and send the scanned documents to:

1. For organization: [email protected]
2. For individual: [email protected]

For further instructions regarding the process for registration, click here. You are, however, required to keep original copies within your premises in case the Commission directs the submission of physical copies as proof of compliance.

Answer

Once you submit the DPO Form and its supporting documents to the Commission, you will receive an email acknowledging receipt of your submission. (Note: The acknowledgement email does not mean that the documents submitted are complete.)

The Commission will review and validate the submitted documents to ensure compliance with the registration requirements.

For complete and accurate submission: The Commission will send an email stating that you have successfully completed your DPO Registration and that you may now request for your certificate of registration.

For incomplete or submitted documents with issues: The Commission will send you an email or give you a call to provide instructions on how you will complete the registration.

Answer

The Commission has yet to determine a schedule of fines and penalties for organizations and individuals who have failed to register. Such failure to register, however, shall be considered by the Commission in the conduct of compliance checks in accordance with NPC Circular 18-02 and in case of occurrence of security breaches prior to registration.

If you have yet to register, follow the registration process found here.

Answer

Yes. Once an entity’s registration information becomes incomplete, inaccurate or outdated, it must amend or revise such registration information accordingly.

Answer

To amend or update an entity’s registration information, the steps to follow are:

1. Fill out this cover letter and a new DPO Form.
2. Have the DPO form notarized.
3. Scan the completely filled-out cover letter and notarized DPO Form with its supporting documents.
4. Submit the scanned documents to [email protected]

Amendments or updates to registration information shall be made within two (2) months from the date such changes take into effect. For this purpose, a significant change shall include: name and contact details (phone number, email address or mailing address) of the PIC or PIP, head of agency or organization, and DPO.

Answer

The Commission has yet to determine a schedule of reasonable fees for registration, renewal, and other purposes to recover administrative costs.

Answer

No. Companies are required to register only if they are processing personal data and operating in the country under the conditions set forth under NPC Circular 17-01. For further details please refer to Q3.

Answer

The DPO Form file is best viewed with a PDF or Adobe Reader, and not Google Chrome. Do not edit the form using any browser to avoid errors.

Answer

No need to send any request for cancellation. You may opt to wait for your registration validity to end and not submit any renewal request.

Answer

The validity of your registration will be extended to March 8, 2020. The extension means that all organizations who are currently registered need not file an application for renewal as required by NPC Circular 17-01 (Section 17).

Answer

Yes, the validity of the registration of organizations who have completed DPO Registration are deemed extended to March 8, 2020.

Answer

We will communicate updates on when DPS Registration will resume. In the meantime, once the Commission validates that you have submitted the fully accomplished DPO Form and the required documents, you are considered registered.

Answer

There will be no need to file an application for renewal. You may also request for a digital Certificate of Registration.

Answer

Yes. Follow the instructions found in Q24.

Answer

We will communicate updates on when DPS registration will resume.

Answer

No, but we will communicate updates on when DPS registration will resume. You are, however, advised to document the changes made to your DPS for record-keeping purposes.

Answer

We are now issuing digital Certificates of Registration. To send a request, please follow the instructions found in Q24.

Answer

The validity of all approved registrations for common DPO will be extended to March 8, 2020. The extension means that all organizations who are currently registered need not file an application for renewal as required by NPC Circular 17-01 (Section 17).

Answer

Send an email request to [email protected] Please note that in this request you are required to use the DPO email address indicated in your registration.

Use the subject line: Name of Organization or Individual Professional_Request for Certificate of Registration

Your email request must contain the following details:

For Individual Professional:

1. Full Name
2. Profession
3. Mobile Number

For Government/Private Institution:

1. Name of Organization
2. Head of the Organization
3. Sector
4. Name of Data protection Officer
5. Mobile Number

You will receive an automated email acknowledging the receipt of your request. Once verified that you have completed the DPO Registration process, you will then receive an email with the digital Certificate of Registration.

Answer

Yes. Follow the instructions found in Q24.

Answer

Yes, having a digital Certificate of Registration issued in your favor has the same effect and weight as receiving a printed copy. If you wish to verify the authenticity of the digital certificate, you may contact our Compliance and Monitoring Division.

Answer

You may contact the Compliance and Monitoring Division at:

Email Address: [email protected]
Phone Number: (02)8234-2228 local 118
Mobile Number: +639451534299 TNT / +639652863419 TM