UPDATE: The NPC has clarified in an official statement that the aforementioned date is a deadline for Personal Information Controllers and Personal Information Processors to register their data-processing systems with the NPC. The DPA has already been implemented since 2012, and the NPC is asking organizations to not delay their compliance any further. The whole statement can be read below.
Microsoft Philippines announced last March 17 in Makati that it is assisting local companies on their on-going compliance with the Data Privacy Act.
The Data Privacy Act (DPA) or Republic Act No. 10173 requires all businesses and organizations to comply with the enacted rules and regulations by September 9, 2017 or face sanctions and penalties.
The DPA aims to protect private information recorded on any IT and communication system through both the government and the private sector. The purposely established National Privacy Commission or NPC has been tasked to educate people on the DPA and enforce it once the deadline expires.
The NPC, in accordance with the law, is requiring any organization that employs 250 people or handles more than a thousand customers in their databases to appoint a data protection officer (DPO), conduct a privacy impact assessment and from there create a privacy management program. These organizations must also implement privacy and data protection measures and exercise breach reporting procedures.
Violators can be fined up to PHP 5 million for non-compliance with the DPA. More severe violations are grounds for jail time.
Microsoft’s long-standing commitment to security, privacy, and transparency are consistent with the goals of the DPA. With this, Microsoft has been working with businesses and other organizations on complying with the law.
The company has put up a Microsoft Trust Center website that provides the public with a backgrounder on the DPA, its main requirements, and how to comply. Organizations may also take a free risk assessment created with the NPC.
Apart from this, Microsoft believes that its products and services will be able to help businesses meet the requirements put forth by the NPC and the DPA. Through its cloud services and on-premise solutions such as Microsoft Azure, Microsoft Enterprise Mobility and Security, and Office 365 and Windows 10 features, Microsoft seeks to create a more secure environment, to ease management and monitoring of personal information, and to give tools and resources necessary to continuously comply with the DPA’s requirements on reporting and assessment.