Data Privacy Essential Compliance Services
Protecting personal data is crucial for businesses worldwide. Our output-based data privacy services are essential for ensuring compliance and personal data security. This article explores key elements such as data protection officer and data processing systems registration, drafting vital data privacy related documents like data sharing agreements, and the job description of internal privacy teams.
Data Protection Officer/Data Processing Systems Registration
Maintaining compliance with evolving data privacy regulations is essential. Our services provide clear and expert guidance in DPO and DPS Registration, empowering organizations to meet statutory requirements confidently.
Explore our comprehensive NPC Registration Services to gain deeper insights into our DPO and DPS assistance. This will provide potential clients with a thorough understanding of how our expertise can assist in navigating the intricate landscape of data privacy regulations.
Drafting of Privacy-Related Documents
Safeguarding privacy has become a paramount concern for individuals and organizations alike. The drafting of privacy-related documents is crucial in fortifying these protections, ensuring that sensitive data remains secure against potential threats.
Below are related compliance documents crucial to data privacy:
Data Sharing Agreement
A DSA refers to a contract, joint issuance, or any similar document that sets out the obligations, responsibilities, and liabilities of the personal information controllers involved in the transfer of personal data between or among them, including the implementation of adequate safeguards for data privacy and security, and upholding the rights of the data subjects: provided, that only personal information controllers should be made parties to a data sharing agreement. (Source: NPC Circular)
Personal Information Controller
A PIC refers to a natural or juridical person, or any other body, who controls the processing of personal data, or instructs another to process personal data on its behalf.
Outsourcing Agreement
An Outsourcing Agreement refers to a contract between a personal information controller and a personal information processor.
The Implementing Rules and Regulations of the Data Privacy Act of 2012 states:
“In the case of a personal information processor, data sharing should only be allowed if it is carried out on behalf of and upon the instructions of the personal information controller it is engaged with via a subcontracting agreement. Otherwise, the sharing, transfer, or disclosure of personal data that is incidental to a subcontracting agreement between a personal information controller and a personal information processor should be excluded.”
Privacy Notice and Consent Form
A privacy notice is an external communication to individuals, customers, or data subjects to create transparency in how the organization collects, uses, shares, retains, and discloses its personal information based on the organization’s privacy policy. (Source: Privacy Program Management: Tools for Managing Privacy Within Your Organization, Third Edition, International Association of Privacy Professionals)
Consent
“Consent of the data subject” refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of his or her personal, sensitive personal, or privileged information. Consent shall be evidenced by written, electronic or recorded means. It may also be given on behalf of a data subject by a lawful representative or an agent specifically authorized by the data subject to do so. (Source: DPA of 2012 Implementing Rules and Regulations)
Job Descriptions of an Internal Data Privacy Team
Designating a Data Privacy Team and documenting their appointment aligns with the NPC’s requirements as reflected on their NPC Checklist of Compliance. The same displays organizational commitment to data protection, supports data breach management readiness, and contributes to human resource management best practices as they relate to the protection of personal data of data subjects.
DATA PRIVACY ADVISORY SERVICES
Data is the cornerstone of business and personal interactions. Therefore, safeguarding it is essential. We provide strategic solutions to strengthen your data protection framework and ensure compliance with Philippine data privacy standards with our Data Privacy Advisory Services.
Consult a Data Privacy Consultant for the interpretation of evolving data privacy laws. Get advisory services on statutory obligations of covered entities, such as, but not limited to data subject requests and data privacy compliances pursuant to the DPA of 2012, its IRR, and relevant National Privacy Commission public issuances.
