Global Data and Cyber Handbook

Philippines

Select a Topic
Start Comparison
DPOs and Notification Requirements
Jump to
DPOs and Notification Requirements Start Comparison
Is the concept of data protection officer (DPO) recognized in the jurisdiction?

Last review date: 7 January 2025

Yes.

Are there circumstances in which it is mandatory to appoint a DPO or similar position?

Last review date: 7 January 2025

Yes.

If yes, under what circumstances?

         other

It is mandatory for a Personal Information Controller (PIC) or Personal Information Processor (PIP) to designate an individual or individuals who shall function as a Data Privacy Officer (DPO).

Where a DPO is appointed, does the DPO have to meet specific requirements?

Last review date: 7 January 2025

Yes.

If yes, what are these requirements?

         other professional qualifications / experience

         other

Familiarity with the personal data processes and policies of the PIC or PIP of which they are the DPOs.

Are there obligations to notify, submit filings to, register with or obtain approval from local data protection authorities to collect and/or process personal data generally?

Last review date: 7 January 2025

Yes.

PICS and PIPs that have personal data processing systems operating in the country and (a) have at least 250 employees; (b) involve accessing or requiring sensitive personal information of at least 1,000 individuals, or (c) belong to any of the industries or business sectors listed by the NPC (government agencies, financial institutions, medical and educational institutions, business process outsourcing companies, etc.) as subject to the registration requirement, are required to register their DPO with the NPC. Data Processing Systems (DPS) that process personal or sensitive personal information involving automated decision-making or profiling must also be registered with the NPC. The registration is subject to the approval of the NPC.

{{ $store.state.loadingScreen.message }} ...