I’m thrilled to share that OneTrust DataGuidance has recently featured my latest article on the Philippine National Privacy Commission’s Amendments to the 2021 Rules of Procedure.
In this piece, we discuss key amendments and their practical implications for Personal Information Controllers (PICs), focusing on compliance checks, alternative dispute resolution (ADR), and NPC orders and decisions.
Read the full article here: https://lnkd.in/gWDHmMr7
Philippines: Updated rules on compliance checks
By Edsel Tupaz
Contributor: Luis Teodoro Pascua
Special thanks to Luis Teodoro Pascua for his invaluable contributions.
At Gorriceta Africa Cauton & Saavedra | GorricetaLaw, I lead initiatives in Data Privacy, Cybersecurity, and Artificial Intelligence.
Summary of the Article:
Compliance Checks: The NPC’s Compliance and Monitoring Division (CMD) conducts privacy sweeps, document submissions, and on-site visits (OSVs) year-round, based on risk levels, reports, registration status, unsecured data, and other non-compliance indicators. Actions include issuing warnings, document submission notices, and show cause orders for non-compliance.
Privacy Sweeps: Conducted in public areas, these can result in warnings, document submission notices, or show cause orders. Non-compliance may lead to fines and enforcement actions.
On-Site Visits (OSVs): For persistent issues or significant non-compliance, OSVs now require a five-day notice and specified documents. CMD issues deficiency reports based on OSV findings. PICs and PIPs should review privacy management, ensure data sharing agreements, and document data processing activities.
Alternative Dispute Resolution (ADR): Mediation can now be conducted via videoconferencing. Confirmation conferences ensure settlement compliance, with non-appearance waiving certain rights. Re-application for mediation is allowed unless prohibited due to non-appearance.
Decisions: The rules cover case dismissals, allowing complainants to file cases elsewhere.
Key actions for PICs and PIPs include maintaining compliance documentation, conducting privacy impact assessments, and preparing for ADR scenarios with litigation teams.