Scribd
Upload
8 views

01 the Data Protection Officer

The document outlines the role and responsibilities of Data Protection Officers (DPOs) appointed by personal information controllers (PIC) and personal information processors (PIP) to ensure compliance with the Data Privacy Act and related regulations. DPOs must be knowledgeable in data protection policies, monitor compliance, conduct privacy assessments, and serve as the contact for data subjects and authorities. The document also specifies the requirements for the DPO's appointment and the necessary contact details to be provided.

Uploaded by

isabellanavs
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
8 views

01 the Data Protection Officer

The document outlines the role and responsibilities of Data Protection Officers (DPOs) appointed by personal information controllers (PIC) and personal information processors (PIP) to ensure compliance with the Data Privacy Act and related regulations. DPOs must be knowledgeable in data protection policies, monitor compliance, conduct privacy assessments, and serve as the contact for data subjects and authorities. The document also specifies the requirements for the DPO's appointment and the necessary contact details to be provided.

Uploaded by

isabellanavs
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

The NPC is an attached agency of the

Department of Information and Communications Technology

The Data Protection Officer

Personal information controllers (PIC) and personal information


processors (PIP) are required to appoint or designate a data protection
officer (DPO). The DPOs will be accountable for ensuring compliance by
the PIC or PIP with the Data Privacy Act, its IRR, related issuances of the
National Privacy Commission, and other applicable laws and regulations
relating to data privacy and security.
Who may be appointed as a DPO?
The DPO should be a full-time or organic employee of the PIC or What are the duties
PIP. Where the employment of the DPO is based on a contract,
the term of the contract should be at least two (2) years to ensure of a Data Protection Officer?
stability. A PIC or PIP, taking into account the complexity of its
operations, may choose to have more than one data protection A DPO is accountable for ensuring compliance with applicable
officer. laws and regulations for the protection of data privacy and
security. To carry out this function, the DPO should:
The DPO should be knowledgeable on relevant privacy or data
protection policies and practices, and the processing operations of 1. monitor the PIC’s or PIP’s management by the PIC or
the PIC or PIP. To develop expertise or to keep himself or herself compliance with the DPA, PIP
updated with the developments in data privacy and security, the its IRR, issuances by the 5. inform and cultivate
DPO should be given sufficient time, resources and training to carry NPC and other applicable awareness on privacy and
out his or her functions. laws and policies. This data protection
includes collecting
information about the 6. advocate for the
The provisions of NPC Advisory 17-01 dated March 14, 2017 may development, review and/
serve as guide in the designation of the DPO. personal data processing
of the PIC or PIP, analyzing or revision of policies,
and checking compliance guidelines, projects and/
and any accreditations or programs relating to
What documents need or certifications, and privacy and data protection,
providing advice and by adopting a privacy by
the contact details of DPOs? recommendations on legal design approach;
The designation, postal address, dedicated telephone number, requirements. 7. serve as the contact person
and email address of the DPO should be included the following: of the PIC or PIP vis-à-vis
2. ensure the conduct
of Privacy Impact data subjects, the NPC
Assessments and other authorities in all
matters concerning data
3. advice the PIC or PIP privacy or security
regarding complaints
and/or the exercise by 8. cooperate, coordinate and
data subjects of their seek advice of the NPC
Website Privacy Notice Privacy Policy Privacy Manual rights (e.g., requests for 9. perform other duties and
information, clarifications, tasks that may be assigned
The name or names of the DPO need not be published. However,
rectification or deletion of by the PIC or PIP that will
it should be made available upon request by a data subject or the
personal data); further the interest of data
NPC.
4. ensure proper data breach privacy and security and
The registration of data processing systems also requires the name and security incident uphold the rights of the
and contact details of the DPO. data subjects.

PRIVACY.GOV.PH THE DATA PROTECTION OFFICER


PRIVACY.GOV.PH

You might also like