Connect with us

Hi, what are you looking for?


5 key steps to meeting deadline for Data Privacy Act compliance

Philippine companies have until September 9, 2017 to fully comply with the Implementing Rules and Regulations of the Data Privacy Act or Republic Act No. 10173 or face sanctions and penalties which range from one to six years imprisonment, and a fine of not less than Php500,000 and not more than Php5 million, depending on the violation.

According to the National Privacy Commission, an independent body mandated to administer and implement the Data Privacy Act of 2012, and to monitor and ensure compliance of the country with international standards set for data protection, privacy is a basic human right, and in the digital age and continued socio-economic development of Filipino citizens, privacy has an ever increasing value and educating one’s self about privacy is important.

The DPA provides Philippine residents with control over their personal data through a set of “data subject rights.” This includes the right to:

  • Right to be informed
  • Right to object
  • Right to access
  • Right to correct
  • Right to rectification, erasure or blocking

Noncompliance of businesses to the Data Privacy Act can lead to the following consequences:

  • Being issued an order to stop processing
  • Being ordered to pay damages to data subjects whose rights were violated
  • Jail time for accountable officers

The NPC recommends businesses to begin their journey to compliance with the DPA by focusing on five key steps:

  1. Appoint a Data Protection Officer (DPO). To be appointed by a personal information controller, DPOs will be accountable for ensuring compliance with applicable laws and regulations relating to data protection and privacy.
  2. Conduct a Privacy Impact Assessment to evaluate and manage the impact of the company’s program, process, and/ore measure on data privacy.
  3. Create your Privacy Management Program to align everyone in the organization in the same direction, to facilitate compliance with the Data Privacy Act and issuances of the NPC, and to help your organization in mitigating the impact of a breach.
  4. Implement your Privacy and Data Protection measures which must continuously be assessed, reviewed, and revised as necessary, while training must be regularly conducted.
  5. Regularly exercise your Breach Reporting Procedures. The NPC and affected data subjects shall be notified by the personal information controller within 72 hours upon knowledge of, or when there is reasonable belief by the personal information controller or personal information processor that, a personal data breach requiring notification has occurred. The personal information controller shall notify the NPC by submitting a report, whether written or electronic, containing the required contents of notification.  The report shall also include the name of a designated representative of the personal information controller, and his or her contact details.

Supporting journey to compliance

At a recent tech workshop for the media, Microsoft officials said that the company’s long-standing commitment to security, privacy, and transparency are consistent with the goals of the Data Privacy Act. To support this government drive, Microsoft has been working on helping businesses in their journey to comply with this important legislation.

To help companies start their DPA compliance initiatives, the company has made available online tools and resources through a dedicated Microsoft Trust Center website focused on information on the Data Privacy Act. Through this site, businesses may also take a free risk assessment by the National Privacy Commission to assess their privacy risk level under the DPA regulation.

Advertisement. Scroll to continue reading.

Microsoft’s Comprehensive Solutions that helps businesses comply

As this policy seeks to help Filipino citizens in their right to privacy and businesses need to be both responsible and accountable for their customers’ data, businesses are not alone in this journey.

Microsoft say its products and services are available today to help businesses meet the Data Privacy Act requirements, and is investing in additional features and functionality. Through cloud services and on-premises solutions, Microsoft will help locate and catalog personal data in the business’s systems, build a more secure environment, simplify management and monitoring of personal data, and give the tools and resources needed to meet the Data Privacy Act reporting and assessment requirements.

With Microsoft Azure, an organization can receive a level of data protection and physical security that far exceeds typical on-premises firewall protection. Azure offers businesses peace of mind knowing that their apps and data are getting the same level of protection chosen by Microsoft’s enterprise customers, including many of the world’s largest financial institutions.

Microsoft Enterprise Mobility + Security (EMS) helps give users a more secure and integrated productivity experience with Microsoft’s enterprise mobility solutions. Securing identities like multi-factor-authentication, device health/data protection with remote wipe and disconnection capabilities, information protection at rest and in-transit, and advanced detection capabilities against security breaches are among the key prescriptions in the DPA. EMS’ layered security across Identity, Devices, Apps, and Data helps with the ongoing compliance.

Advertisement. Scroll to continue reading.

If the business involves processing important information, then Office 365 is the application suite needed to get the power of Office anywhere and on any device! Plus, regular updates ensure information is secure and protected.

Windows 10 provides identity protection and safeguards from pass the hash attacks.  It also provides data encryption at the device and on file level. This ensures corporate data isn’t accidentally or intentionally leaked to unauthorized users or locations.

On top of that, Windows 10 also offers threat resistance with enterprise grade anti-virus protection that completely locks down your device, so you can run only trusted applications. It can also provide additional device security through UEFI Secure Boot and Virtualization-based security. It ensures that a genuine version of Windows starts first on your device, and moves some of the most sensitive Windows processes into a secure execution environment to help prevent tampering and prevent attackers from evading detection.

According to Microsoft, meeting compliance with the DPA will cost time and money for most organizations, though it may be a smoother transition for those who are operating in a well-architected cloud services model and have an effective data governance program in place.

Advertisement. Scroll to continue reading.

Like Us On Facebook

You May Also Like


The data is in: 2024 is the year AI at work gets real. Use of generative AI at work has nearly doubled in the...


The skilling initiatives will be implemented in partnership with governments, nonprofit and corporate organizations, and communities across Indonesia, Malaysia, the Philippines, Thailand, and Vietnam.


Leveraging generative AI capabilities in Microsoft’s Azure OpenAI Service, the companies will work together to develop solutions that further empower ELC’s more than 20...


As part of the partnership, Coca-Cola has made a $1.1 billion commitment to the Microsoft Cloud and its generative AI capabilities. The collaboration underscores...


As part of the partnership, Cognizant purchased 25,000 Microsoft 365 Copilot seats for Cognizant associates, along with 500 Sales Copilot seats and 500 Services...


The collaboration will bring together the global scale, security and advanced computing capabilities of Microsoft Azure with NVIDIA DGX Cloud and the NVIDIA Clara suite of computing platforms, software and...


Oracle Database@Azure will expand to five more regions, which brings the total planned multicloud availability footprint to 15 regions globally.


The agreement will strengthen the go-to-market collaboration for the Citrix virtual application and desktop platform and support the development of new cloud and AI...