People whose personal information are collected, stored and processed are called data subjects.
Know your rights and learn how to protect your data privacy, online and offline.
Organizations who process or are instructed to process personal data are called Personal Information Controllers (PICs) and Personal Information Processors (PIPs).
Learn how to comply with the Data Privacy Act of 2012 (DPA) and read through NPC's issuances and guidance.
The Data Privacy Act of 2012 is a 21st-century law that addresses 21st-century crimes and concerns. It (1) protects the privacy of individuals while ensuring free flow of information to promote innovation and growth; (2) regulates the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of personal data; and (3) ensures that the Philippines complies with international standards set for data protection through National Privacy Commission.
Data subjects have rights under the Data Privacy Act of 2012 (DPA). Learn more about these rights here.
All content is in the public domain unless otherwise stated.
Learn more about the Philippine government, its structure, how government works and the officials behind it.
GOV.PHDo you have
COMPLIANCE, REGISTRATION, BREACH, INCIDENT REPORT
related concerns?
For registration related inquiries, you may reach us through email at [email protected]
For system [NPCRS] related inquiries, please email us at [email protected]
For Breach Notification and Annual Security Incident Report related inquiries, please email us at [email protected]
DATA PRIVACY COMPETENCY PROGRAM ANIMATED VIDEOS
Under the Data Privacy Competency Program, the National Privacy Commission (NPC) released a series of animated videos that break down data privacy concepts and principles into bite-sized and easy-to-understand pieces. The videos are available in English, Tagalog, and Bisaya.
All videos are free for personal and educational use. You may access them here.
The deadline for the submission of the 2024 Annual Security Incident Report (“ASIR”)
The deadline for the submission of the 2024 Annual Security Incident Report (“ASIR”) is on 31 March 2025. All Personal Information Controllers and Processors (PIC/PIPs) are required to submit their ASIR regardless of their classification on the registration requirement under NPC Circular No. 2022-04.
Please note that ASIR can no longer be updated nor edited once submitted through the Data Breach Notification Management System (DBNMS). If uncertain with the information to be included, use the “Save as Draft” option.
If there is an error in the submitted ASIR, request to delete said report by sending an email to [email protected]. Once deleted, proceed to “Create a new report”.
The submission of ASIR shall only be through the DBNMS. Any other modes of submissions shall not be considered valid.
For concerns relating to the DBNMS, please email [email protected].
NPC Advisory 2024-04: Guidelines on the Application of Republic Act No. 10173 or the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and the Issuances of the Commission to Artificial Intelligence Systems Processing Personal Data
The National Privacy Commission (NPC) issued NPC Advisory No. 2024-04 which provides guidelines on artificial intelligence systems processing personal data.
For more information, you may access the Advisory here.
NPC Advisory 2024-03: Guidelines on Child-Oriented Transparency
The National Privacy Commission (NPC) issued NPC Advisory No. 2024-03 which provides guidelines on child-oriented transparency.
For more information, you may access the Advisory here.
For additional guidance, FAQs are available here.
NOTICE OF PUBLIC CONSULTATION: DRAFT NPC CIRCULARS ON THE PHILIPPINE PRIVACY MARK CERTIFICATION PROGRAM
Concerned organizations, stakeholders, and other interested parties are invited to submit their valuable inputs regarding the new draft circulars to be implemented by the National Privacy Commission (NPC).
To access the draft NPC Circulars on the Philippine Privacy Mark (PPM) Certification Program, please access the following:
These draft circulars aim to provide guidelines and requirements both for certification bodies and applicant organizations under the PPM.
The Draft Circular can be accessed at this link:
DIT_Circular-PPM-DPPMS-Requirements
NPC_Circular_PPM-CertSchemePart2
The Commission will conduct a virtual public consultation on 05 December 2024 from 10:00am-12:00pm via MS Team Link.
Please send your comments/suggestions/opinions and other valuable inputs to [email protected] no later than 12 December 2024.
ANNOUNCEMENT ON DATA PRIVACY COMPETENCY PROGRAM
The Data Privacy Foundational Course is focused on the fundamental and operational
aspects of the DPA essential for anyone who seeks to have a better understanding of the DPA and its application to actual situations. An overview of the curriculum is now available here.
A Training Provider must satisfy the general requirements provided in Section 5 of NPC Circular 2023-02. It must also have appointed a Data Protection Officer (DPO) and registered its DPO and Data Processing Systems, if any, with the NPC. An updated copy of the Training Provider Application Form is available here.
Interested and qualified Training Providers for the Data Privacy Foundational Course may submit the accomplished Training Provider Application Form and supporting documents to the NPC (General Records Unit) beginning 15 May 2024. Please address your submission to the Data Privacy Competency Program Committee (DPCPC).
For questions, please contact us at [email protected]
.
ANNOUNCEMENT ON RENEWAL OF NPCRS REGISTRATION
All Data Protection Officers (DPOs) are advised to monitor their NPCRS platform for
notifications on their renewal. Notifications in the NPCRS are triggered thirty (30) days before expiration of
current registration. As such, all Personal Information Controllers (PICs), Personal Information Processors
(PIPs), and Individual Professionals should endeavor to renew their registration within the 30-day period to
avoid erasure of the details of their prior registration from the system.
Submission through email, personal filing, ordinary mail, licensed courier service
and other mode of physical submission shall not be considered valid.
For registration related inquiries, you may reach us through email at [email protected]
For system [NPCRS] related inquiries, please email us at [email protected]
Compliance and Monitoring Division
With the launch of the National Privacy Commission Registration System (“NPCRS”) and the effectivity of NPC Circular No. 2022-04 on 11 January 2023, the Commission will no longer accept new registration, amendments, and renewal of registration except through the NPCRS portal.
Submission through email, personal filing, ordinary mail, licensed courier service and other mode of physical submission shall NOT be considered valid.
NPC Circular No. 2022-04 can be accessed through this Link
All PICs/PIPs are directed to create an account, through its Data Protection Officer, and register Data Processing Systems at Link.
For registration related inquiries, you may reach the us through email at [email protected]
For system [NPCRS] related inquiries, please email us at [email protected]
Compliance and Monitoring Division
The National Privacy Commission accepts the various formats of the PhilSys digital
ID, including the printed ePhilID, as a valid and sufficient proof of identity and age subject to authentication
through the PhilSys Check. Please refer to the Philippine
Statistics Authority Public Advisory dated 30 September 2022 and a sample
of the official format of the printed ePhilID for reference.
With the launch of the DBNMS, the NPC will no longer accept Breach Notification and
Annual Security Incident Report submissions except through the DBNMS online platform. Thus, submissions through
email, personal filing, ordinary mail, licensed courier service, and any other mode of physical submission shall
not be considered as valid.
All Personal Data Breach Notifications and Annual Security Incident Reports shall be
submitted through https://dbnms.privacy.gov.ph .
See the Guidelines on the Issuance of Certificate of Pending/No Pending Case here
and the Request for Certificate of Pending/No Pending Case Form here.
Send your requests to [email protected]
with the subject "CPNPC Request_<name of entity/individual>"
Advisory on modified in-person or face-to-face hearing of cases for all parties with
pending hearings with the NPC download here
There is an easier and safer way to file your complaints before the National Privacy
Commission through the improved COMPLAINTS-ASSISTED FORM (CAF). Download the new version of the form here. Do not forget to attach a copy of your supporting documents.
For inquiries, email us at [email protected]
For complaints, send your complaints-assisted form to [email protected]
