28 Jun 2019
Steps Businesses Should Take to Comply with the Philippine Data Privacy Act
The Philippine Data Privacy Act was implemented as law back in 2016, changing the way businesses collect, manage, and protect the personal information of their customers. It was made “to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.” Given how rapidly today’s business world is going digital, data privacy is now more important than ever. As a result, compliance with the Data Privacy Act should be a priority for all businesses in the Philippines.
Despite the law having been prominent for a few years now, many businesses still have trouble fully understanding how they can and should comply with the Data Privacy Act. If you are still unsure of how to comply with the guidelines set by the law and the National Privacy Commission, here are steps you can take to help you with compliance:
Train a Data Privacy Officer for Your Business
Your Data Privacy Officer (DPO) will take charge of all matters relating to data privacy. Ideally, your chosen DPO will be someone from within your organization with a background in I.T. and data security systems, so that they are already familiar with your data protection measures. After you’ve identified a promising candidate, you’ll want to make sure they are up-to-date with the terms of the Data Privacy Act, the regulations set by the National Privacy Commission, and the best practices of the industry. The best way to do this would be to enroll your new DPO in comprehensive data privacy courses that offer Data Privacy certification before he or she assumes the position.
Schedule a Data Privacy Impact Assessment
A Data Privacy Impact Assessment (PIA) should be conducted to identify how effective your current processes are at protecting the data your organization holds. This process also identifies potential risks and how these may affect the privacy of your customers. In short, it is an audit that gauges your ability to keep private information safe. Understanding where you currently stand is important since it gives you and your DPO an idea of the areas you should focus on improving.
Redesign and Implement Data Protection Measures
Businesses are responsible for securing the data they collect from their customers. Use the results of your Data Privacy Impact Assessment to make the necessary changes to your existing data protection measures. What you actually need to work on will depend on the results of your PIA. In some cases, there may be a need to upgrade to new security programs. In other cases, installing an intrusion detection system may be necessary.
Orient Everyone on Your Data Breach Reporting Protocol
Any and all data breaches, including suspected data breaches, must be reported to the National Privacy Commission and any affected customers. As such, it’s a good idea to orient everyone in your organization on the steps they need to take to report a data breach, as well as how to handle what comes after. After the orientation, you’ll want to do a few practice runs to make sure everyone is familiar with your reporting protocol.
Register with the National Privacy Commission
Lastly, you’ll need to register your organization with the National Privacy Commission. You may do so by downloading the necessary forms from their website, www.privacy.gov.ph. After filling out the forms and completing the requirements, you may send everything through email. After several working days, you will receive a confirmation message through email. Once you’ve received confirmation, you may request a copy of your Certificate of Registration.