People whose personal information are collected, stored and processed are called data subjects.
Know your rights and learn how to protect your data privacy, online and offline.
Organizations who process or are instructed to process personal data are called Personal Information Controllers (PICs) and Personal Information Processors (PIPs).
Learn how to comply with the Data Privacy Act of 2012 (DPA) and read through NPC's issuances and guidance.
The Data Privacy Act of 2012 is a 21st-century law that addresses 21st-century crimes and concerns. It (1) protects the privacy of individuals while ensuring free flow of information to promote innovation and growth; (2) regulates the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of personal data; and (3) ensures that the Philippines complies with international standards set for data protection through National Privacy Commission.
Data subjects have rights under the Data Privacy Act of 2012 (DPA). Learn more about these rights here.
All content is in the public domain unless otherwise stated.
Learn more about the Philippine government, its structure, how government works and the officials behind it.
GOV.PHNOTICE OF PUBLIC CONSULTATION: DRAFT NPC CIRCULARS ON THE PHILIPPINE PRIVACY MARK CERTIFICATION PROGRAM
Concerned organizations, stakeholders, and other interested parties are invited to submit their valuable inputs regarding the new draft circulars to be implemented by the National Privacy Commission (NPC).
To access the draft NPC Circulars on the Philippine Privacy Mark (PPM) Certification Program, please access the following:
These draft circulars aim to provide guidelines and requirements both for certification bodies and applicant organizations under the PPM.
The Draft Circular can be accessed at this link:
DIT_Circular-PPM-DPPMS-Requirements
NPC_Circular_PPM-CertSchemePart2
The Commission will conduct a virtual public consultation on 05 December 2024 from 10:00am-12:00pm via MS Team Link.
Please send your comments/suggestions/opinions and other valuable inputs to [email protected] no later than 12 December 2024.
CALL FOR PUBLIC INPUT
The National Privacy Commission (NPC) invites interested parties including stakeholders, parents, educators, privacy professionals, and the general public, to review and provide feedback on the draft Advisory on Guidelines on Child-Oriented Transparency.
This Advisory aims to provide guidelines on processing children's personal data in recognition of their best interests and evolving capacities. Children, as data subjects and rights holders, are entitled to meaningful access to information and they should be provided with opportunities to create and interact within a protective environment.
The draft Advisory can be accessed at this link
Please send your comments to [email protected] on or before 06 November 2024, with the subject line: "Public Input – Child-Oriented Transparency".
We look forward to your valuable input and thank you for your cooperation and support.
ANNOUNCEMENT ON DATA PRIVACY COMPETENCY PROGRAM
The Data Privacy Foundational Course is focused on the fundamental and operational
aspects of the DPA essential for anyone who seeks to have a better understanding of the DPA and its application
to actual situations. An overview of the curriculum is now available:
https://privacy.gov.ph/wp-content/uploads/2024/04/Overview-of-the-Curriculum-of-the-Data-Privacy-Foundational-Course.pdf.
A Training Provider must satisfy the general requirements provided in Section 5 of
NPC Circular 2023-02. It must also have appointed a Data Protection Officer (DPO) and registered its DPO and
Data Processing Systems, if any, with the NPC. A copy of the Training Provider Application Form is available
through this link: https://privacy.gov.ph/wp-content/uploads/2024/08/DPCPC-2024.08.19-Training-Provider-Application-Form-TPAF-V-2.0.pdf.
Interested and qualified Training Providers for the Data Privacy Foundational Course
may submit the accomplished Training Provider Application Form and supporting documents to the NPC (General
Records Unit) beginning 15 May 2024. Please address your submission to the Data Privacy Competency Program
Committee (DPCPC).
For questions, please contact us at [email protected].
ANNOUNCEMENT ON RENEWAL OF NPCRS REGISTRATION
All Data Protection Officers (DPOs) are advised to monitor their NPCRS platform for
notifications on their renewal. Notifications in the NPCRS are triggered thirty (30) days before expiration of
current registration. As such, all Personal Information Controllers (PICs), Personal Information Processors
(PIPs), and Individual Professionals should endeavor to renew their registration within the 30-day period to
avoid erasure of the details of their prior registration from the system.
Submission through email, personal filing, ordinary mail, licensed courier service
and other mode of physical submission shall not be considered valid.
For registration related inquiries, you may reach the us through email at [email protected]
For system [NPCRS] related inquiries, please email us at [email protected]
Compliance and Monitoring Division
Call for Public Input on Privacy-Enhancing Technologies Use Cases
The National Privacy Commission (NPC) is inviting PICs, PIPs, and other interested
industry participants to submit use cases on Privacy-Enhancing Technologies (PETs). This initiative aims to
gather real-world and practical insights on the applications and benefits of PETs across various sectors to
drive innovation.
Your contributions will aid the NPC in developing a contextual understanding of PETs
specific to the Philippines for the purpose of shaping policy.
We invite you to submit your reports, studies, findings, and any relevant
documentation on PETs use cases to [email protected] by 15 September 2024.
Please include detailed information about the specific PETs used, the challenges encountered during
implementation, and the results and benefits achieved.
Thank you for your cooperation and support.
The Data Privacy Foundational Course is focused on the fundamental and operational
aspects of the DPA essential for anyone who seeks to have a better understanding of the DPA and its application
to actual situations. An overview of the curriculum is now available: https://privacy.gov.ph/wp-content/uploads/2024/04/Overview-of-the-Curriculum-of-the-Data-Privacy-Foundational-Course.pdf.
A Training Provider must satisfy the general requirements provided in Section 5 of
NPC Circular 2023-02. It must also have appointed a Data Protection Officer (DPO) and registered its DPO and
Data Processing Systems, if any, with the NPC. A copy of the Training Provider Application Form is available
through this link: https://privacy.gov.ph/wp-content/uploads/2024/05/DPCP-Training-Provider-Application-Form-with-Affidavit-Fillable.pdf.
Interested and qualified Training Providers for the Data Privacy Foundational Course
may submit the accomplished Training Provider Application Form and supporting documents to the NPC (General
Records Unit) beginning 15 May 2024. Please address your submission to the Data Privacy Competency Program
Committee (DPCPC).
For questions, please contact us at [email protected].
The deadline for 2023 ASIR submission through the Data Breach Notification Management
System (https://dbnms.privacy.gov.ph)
is set until March 31, 2024.
Submissions through paper or electronic mail shall NOT be considered
compliant.
With the launch of the National Privacy Commission Registration System (“NPCRS”) and the effectivity of NPC Circular No. 2022-04 on 11 January 2023, the Commission will no longer accept new registration, amendments, and renewal of registration except through the NPCRS portal.
Submission through email, personal filing, ordinary mail, licensed courier service and other mode of physical submission shall NOT be considered valid.
NPC Circular No. 2022-04 can be accessed through this Link
All PICs/PIPs are directed to create an account, through its Data Protection Officer, and register Data Processing Systems at Link.
For registration related inquiries, you may reach the us through email at [email protected]
For system [NPCRS] related inquiries, please email us at [email protected]
Compliance and Monitoring Division
The National Privacy Commission accepts the various formats of the PhilSys digital
ID, including the printed ePhilID, as a valid and sufficient proof of identity and age subject to authentication
through the PhilSys Check. Please refer to the Philippine
Statistics Authority Public Advisory dated 30 September 2022 and a sample
of the official format of the printed ePhilID for reference.
With the launch of the DBNMS, the NPC will no longer accept Breach Notification and
Annual Security Incident Report submissions except through the DBNMS online platform. Thus, submissions through
email, personal filing, ordinary mail, licensed courier service, and any other mode of physical submission shall
not be considered as valid.
All Personal Data Breach Notifications and Annual Security Incident Reports shall be
submitted through https://dbnms.privacy.gov.ph .
See the Guidelines on the Issuance of Certificate of Pending/No Pending Case here
and the Request for Certificate of Pending/No Pending Case Form here.
Send your requests to [email protected]
with the subject "CPNPC Request_<name of entity/individual>"
Advisory on modified in-person or face-to-face hearing of cases for all parties with
pending hearings with the NPC download here
There is an easier and safer way to file your complaints before the National Privacy
Commission through the improved COMPLAINTS-ASSISTED FORM (CAF). Download the new version of the form here. Do not forget to attach a copy of your supporting documents.
For inquiries, email us at [email protected]
For complaints, send your complaints-assisted form to [email protected]