Search for:
Asia-Pacific

Philippines: For Immediate Action – Renewal of DPO Registration with the National Privacy Commission

By , and 4 Mins Read

The Philippine National Privacy Commission just issued its latest guidelines concerning the renewal of existing Data Protection Officer (DPO) registrations, as well as the revised process for new applications, renewal applications, requests for amendment and registration of common DPOs.

In brief

In an announcement made on 4 March 2022, the Philippine National Privacy Commission (NPC) officially extended the validity of all existing Certificates of Registration issued in 2021 from 8 March 2022 to 8 March 2023.

For Certificates of Registration issued in 2020 or earlier, which are expiring this 8 March 2022, the NPC is directing all affected personal information controllers (PICs) and personal information processors (PIPs)1 to renew their registration with the Commission.

The announcement also provides the NPC’s latest guidelines for processing new applications, renewal applications, requests for amendments, and registration of common Data Protection Officers (DPOs).

Recommended actions

Clients are advised to immediately review their Certificate of Registration and determine when the same was issued by the NPC. In case said certificate was issued in 2020 or earlier, the same must be renewed with the NPC as soon as possible.

Additionally, for those PICs and PIPs who intend to appoint and register a common DPO, please be advised that the NPC no longer requires the review of such application; provided, that the application for registration is filed separately on a per entity basis and that there should be a unique email address per entity.

Please feel free to reach out to Quisumbing Torres’ Intellectual Property, Data and Technology Practice Group for assistance on these data privacy compliance matters.

In more detail

Validity of Certificates of Registration

The NPC officially extended the validity of all existing Certificates of Registration issued in 2021 or later, from 8 March 2022 to 8 March 2023.

However, for those PICs and PIPs whose Certificates of Registration were issued in 2020 or earlier, they are required to renew their existing registration with the NPC.

Guidelines for Processing New Registration, Renewal, and Amendments

The NPC has laid down its revised guidelines on the processing of new applications, renewal applications, and requests for amendments of DPO registration, as follows:

A. For both new and renewal applications

1. PICs and PIPs are required to use a generic DPO email address, which is not personally identified with the DPO (e.g., dataprotection@domain.com).

2. Complete applications must be submitted either through dporegistration@privacy.gov.ph or dpoindprof@privacy.gov.ph. The NPC requires the use of the following subject lines in the emails:

a. For new applications: New_Registration_(Name of PIC/PIP/Individual Professional)

b. For renewal applications: Renew_Registration_(Name of PIC/PIP/Individual Professional)

B. For requests for amendment covering PICs and PIPs who registered with the NPC in 2021 and 2022

1. Complete requests must be submitted either through dporegistration@privacy.gov.ph or dpoindprof@privacy.gov.ph. The NPC requires the use of the following subject line in the emails:

Amendment_(Name of PIC/PIP/Individual Professional)

Upon completion of the process, the NPC will issue a new or amended Certificate of Registration, depending on the type of application/request filed.

Guidelines for Common DPOs

For PICs and PIPs who have previously filed a request for approval of the appointment of a common DPO with the NPC, the Commission has announced that all such pending requests are hereby deemed approved.

Additionally, the NPC has announced that it will no longer review such requests, moving forward.

Nevertheless, for those PICs and PIPs who intend to register a common DPO with the NPC, the Commission requires that the applications be filed separately on a per entity basis. Moreover, the NPC will only accept a unique email address per entity. Thus, if an individual will be registered as the common DPO of two entities which form part of a group of companies, said individual should have two unique email addresses corresponding to each entity, as required by the Commission.

1 Registration with the NPC is required for PICs and PIPs processing personal data and operating within the Philippines under any of the following conditions:
 • Processing the sensitive personal information of at least 1,000 individuals
 • Employing at least 250 individuals
  • Belonging to a business/industry sector identified by the NPC (NPC Circular No. 17-01) as subject to mandatory registration.

LOGO Philippines_QuisumbingTorres_Manila

Please contact QTInfoDesk@quisumbingtorres.com for inquiries.

VISIT QUISUMBING TORRES SITE

Categories:
Author

Bienvenido Marquez III is a partner in Quisumbing Torres' Intellectual Property, Data and Technology Practice Group. He also co-heads the Consumer Goods & Retail Industry Group and is a member of the Technology, Media & Telecommunications Group. He participates in initiatives of Baker & McKenzie International of which Quisumbing Torres is a member firm. He is a member of Baker McKenzie's Asia Pacific Intellectual Property Business Unit for Brand Enforcement. He is immediate Past President of the Philippine Chapter of the Licensing Executives Society International (2019-2021), and is currently co-chair of the LESI Asia Pacific. He is also a member of the Anti-Counterfeiting Committee of the International Trademarks Association (INTA). He has been appointed as member of the INTA Asia Global Advisory Council (GAC) for 2022 to 2023, making him the only Philippine representative on the council.

Bien has vast experience in handling IP enforcement litigation, trademark and patent prosecution and maintenance, copyright, data privacy, information security, IT, telecommunications, e-commerce, electronic transactions, cyber security and cybercrime. He has been consistently ranked as a leading individual for Intellectual Property and TMT in Legal 500 Asia Pacific, Chambers Asia Pacific, asialaw Leading Lawyers, Managing IP Stars, Asia IP, and World Trademark Review. He was also recognized as a Volunteer Service Awardee by INTA in 2018.

Author

Divina Ilas-Panganiban is a partner in Quisumbing Torres’ Intellectual Property and Information Technology & Communications practices. She has 15 years of experience in the fields of intellectual property law, commercial law and litigation. She currently serves as the Vice-President and Director of the Philippine Chapter of Licensing Executives Society International. Ms. Panganiban often serves as resource speaker in local and international seminars on IP and IT laws.

Author

Neonette Pascual is an associate in Quisumbing Torres' Intellectual Property Practice Group and Information Technology & Communications Industry Group. She has nine years of experience handling matters involving contracts, incorporation, compliance, litigation, and corporate housekeeping. Prior to joining Quisumbing Torres, Ms. Pascual worked as legal counsel for the Philippine offices of two global outsourcing services companies

Related Posts