NPC requires organizations with at least 250 employees or those that are processing records with sensitive personal data of 1000 or more individuals to have their data processing systems registered. A deadline has been set which is on September 09, 2017.
For those in Cagayan de Oro, there’s a coming workshop to help you with Data Privacy Compliance which will be held in Philtown Hotel this coming August 31, 2017 – 8AM-5PM. Speaker will be Damian Domingo O. Mapa (Deputy Privacy Commissioner National Privacy Commission).
P1,000 per pax, on or before August 31, 2017 — to be paid on-site
The NPC recommends 5 data privacy guidelines to build your organization’s capacity to comply with the Data Privacy Act:
- Appoint a Data Protection Officer (DPO)
- Conduct a Privacy Impact Assessment (PIA)
- Create your Privacy Management Program (PMP)
- Implement your privacy and data protection (PDP) measures
- Regularly exercise your Breach Reporting Procedures (BRP)
Non-compliance to the Data Privacy Act can lead to the following consequences:
- Being issued an order to stop processing
- Being ordered to pay damages to data subjects whose rights were violated
- Jail time for accountable officers
To know more details before the deadline hits, join us in this workshop and pre-register at goo.gl/8fmLHq
The sectors identified were the following;
- Government branches, bodies or entities, including national government agencies, bureaus or offices, constitutional commissions, local government units, and government-owned and controlled corporations (GOCCs).
- Banks and non-bank financial institutions, including pawnshops, non-stock savings and loan associations (NSSLAS)
- Telecommunications networks, internet service providers and other entities or organizations providing similar services
- Business process outsourcing companies
- Universities, colleges and other institutions of higher learning, all other schools and training institutions
- Hospitals including primary care facilities, multi-specialty clinics, custodial care facilities, diagnostic or therapeutic facilities, specialized out-patient facilities and other organizations processing genetic data.
- Providers of insurance undertakings, including life and non-life companies, pre-need companies and insurance brokers
- Business involved mainly in direct marketing, networking, and companies providing reward cards and loyalty programs
- Pharmaceutical companies engaged in research
- Personal information processors (PIPs) processing personal data for a personal information controller (PIC) included in the preceding items, and data processing systems involving automated decision-making
Click here to register.