Data Privacy in the Philippines

Share on facebook
Share on google
Share on twitter
Share on linkedin

In 2012, the Philippines government legislated the Data Privacy Act, Republic Act No. 10173. In September 2016, the Implementing Rules and Regulations (IRR) for the Data Privacy Act became effective. These rules and regulations include the following components:

  • Data Privacy Principles covering transparency, legitimate purpose, proportionality, collection, processing, retention and data sharing;
  • Lawful processing of personal data;
  • Sensitive personal information and privileged information;
  • Security measures for the protection of personal information;
  • Rights of data subjects; and
  • Data breach notification

    In addition certain organisations need to register with the National Privacy Commission. These organisations are dependent on the number of employees and whether they process sensitive information of more than 1000 individuals.

    First Advantage has implemented a range of policies and procedures to meet the requirements of the IRR and is currently determining the registration requirements.