Companies that engage in processing personal data of individuals living within or outside the Philippines should have Personal Information Controllers (PIC) and/or Personal Information Processors (PIP). The PIP and PIC are the ones responsible for collecting and processing data. PIPs more specifically are those to whom a PIC would outsource data processing. Both are then required to appoint a Data Protection Officer (DPO), in accordance with the Data Privacy Act (DPA) of 2012 or RA 10173.
One of the main responsibilities of the DPO is to make sure the PIC or PIP is in compliance with the rules and regulations of the DPA, the National Privacy Commission (NPA), and other laws and regulations that relate to data privacy and security.
Why is a Data Protection Officer important?
Aside from being a requirement of the DPA, having a DPO means that an organization is better equipped to compete in the aspect of data protection. The DPO can improve customer service, as well as enhance response and increase public awareness relating to personal data protection.
What requirements must a Data Protection Officer have?
When appointing a DPO on a contractual basis, it is preferred that the duration of the contract be at least two years to guarantee stability.
What are the full responsibilities of a Data Protection Officer?
To properly carry out their function of ensuring the organization’s compliance with the DPA and other applicable laws, the DPO is expected to:
Perform duties and tasks that are assigned by the PIC or PIP in relation to furthering the interest of data privacy and security, and the right of data subjects.
The DPO’s name is not required to be made public but should be made available to users if they request it. The name of the DPO is also a requirement when registering the data processing systems.
If you want to know more about appointing a DPO, just call FilePino at +1.806.553.6552 (USA) or +63.917.8922337 (Philippines). You can also browse the website for more information on DPA and other helpful articles.