NordCham Philippines held the Data Privacy Update in partnership with KPMG at the KPMG Center in Makati on April 27. Mr. Jallain Marcel S. Manrique, Director in charge of the IT Advisory services of KPMG Philippines, provided an overview of the country’s Data Privacy Law and an approach to complying with it.
Backed by the Data Privacy Act of 2012 (DPA), the National Privacy Commission of the Philippines (NPC) has intensified its oversight and enforcement actions on data protection. Late last year the NPC released the DPA’s Implementing Rules and Regulations, which are expected to take full effect in August 2017. One of the highlights of the legislation is criminal liability, which carries 2-6 years of imprisonment and damages, for individuals who have caused a data breach.
The key components of the DPA include Data Privacy Principles, Rights of the Data Subject, Data Breach Notification, and Data Privacy Policies. These components directly address Technical & Security, Legal, and Governance concerns realized from past data breaches.
Mr. Manrique emphasized the need to appoint a competent Data Protection Officer (DPO) familiar with the complexities of the law. “[DPOs] are the people’s first line of defense against privacy violations inside an organization,” Mr. Manrique said, quoting NPC Commissioner Liboro on the importance of DPOs.
He also proposed that companies follow the “Five Commandments on How to Comply with the DPA”, namely:
- Commit to comply by assigning a competent Data Protection Officer,
- Know your risk by conducting a Privacy Impact Assessment,
- Write your plan and create a Privacy Management Program,
- Be accountable and implement Privacy and Data Protection measures, and
- Be prepared for breaches and regularly exercise the Breach Reporting Procedures.