In the Philippines, the data protection law went into effect in 2016. Many organizations are perplexed and uncertain as to the purpose of designating a DPO.
DPO or Data Protection Officer: refers to an individual designated by the head of agency or organization to ensure its compliance with the Act, its IRR, and other issuances of the Commission: Provided, that, except where allowed otherwise by law or the Commission, the individual must be an organic employee of the government, agency or private entity.
A DPO should be knowledgeable about pertinent privacy or data protection laws and procedures. He or she must have a thorough awareness of the PIC’s or PIP’s processing needs, particularly those related to information systems, data security, and/or data protection.
With a DPO, you have a greater chance of succeeding in the competitive global data protection industry. Also, it strengthens your ability to respond to the public’s growing knowledge of and concern for the security of personal data.
They will support your company as it navigates a challenging new landscape of privacy laws, one that involves fields as diverse as human resources, law, corporate structure, and business strategy, as well as website content and structure, database architecture, IT infrastructure, and cybersecurity.
A DPO shall, inter alia:
- Monitor the PIC’s or PIP’s compliance with the DPA, its IRR, issuances by the NPC and other applicable laws and policies. For this purpose, he or she may:
  - collect information to identify the processing operations, activities, measures, projects, programs, or systems of the PIC or PIP, and maintain a record thereof;
  - analyze and check the compliance of processing activities, including the issuance of security clearances to and compliance by third-party service providers;
  - inform, advise, and issue recommendations to the PIC or PIP;
  - ascertain renewal of accreditations or certifications necessary to maintain the required standards in personal data processing; and
  - advise the PIC or PIP as regards the necessity of executing a Data Sharing Agreement with third parties, and ensure its compliance with the law;
- Ensure the conduct of Privacy Impact Assessments relative to activities, measures, projects, programs, or systems of the PIC or PIP;
- Advise the PIC or PIP regarding complaints and/or the exercise by data subjects of their rights (e.g., requests for information, clarifications, rectification or deletion of personal data);
- Ensure proper data breach and security incident management by the PIC or PIP, including the latter’s preparation and submission to the NPC of reports and other documentation concerning security incidents or data breaches within the prescribed period;
- Inform and cultivate awareness on privacy and data protection within the organization of the PIC or PIP, including all relevant laws, rules and regulations and issuances of the NPC;
- Advocate for the development, review and/or revision of policies, guidelines, projects and/or programs of the PIC or PIP relating to privacy and data protection, by adopting a privacy by design approach;
- Serve as the contact person of the PIC or PIP vis-à-vis data subjects, the NPC and other authorities in all matters concerning data privacy or security issues or concerns and the PIC or PIP;
- Cooperate, coordinate and seek advice of the NPC regarding matters concerning data privacy and security; and
- Perform other duties and tasks that may be assigned by the PIC or PIP that will further the interest of data privacy and security and uphold the rights of the data subjects.
These resources provide information on the value of DPO assignments and suggested procedures.
https://www.privacy.gov.ph/appointing-a-data-protection-officer/#1
https://www.privacy.gov.ph/wp-content/uploads/2023/01/Circular-2022-04.pdf