People whose personal information are collected, stored and processed are called data subjects.
Know your rights and learn how to protect your data privacy, online and offline.
Organizations who process or are instructed to process personal data are called Personal Information Controllers (PICs) and Personal Information Processors (PIPs).
Learn how to comply with the Data Privacy Act of 2012 (DPA) and read through NPC's issuances and guidance.
The Data Privacy Act of 2012 is a 21st-century law that addresses 21st-century crimes and concerns. It (1) protects the privacy of individuals while ensuring free flow of information to promote innovation and growth; (2) regulates the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of personal data; and (3) ensures that the Philippines complies with international standards set for data protection through National Privacy Commission.
Data subjects have rights under the Data Privacy Act of 2012 (DPA). Learn more about these rights here.
All content is in the public domain unless otherwise stated.
Learn more about the Philippine government, its structure, how government works and the officials behind it.
GOV.PHThe Data Privacy Foundational Course is focused on the fundamental and operational aspects of the DPA essential for anyone who seeks to have a better understanding of the DPA and its application to actual situations. An overview of the curriculum is now available: https://privacy.gov.ph/wp-content/uploads/2024/04/Overview-of-the-Curriculum-of-the-Data-Privacy-Foundational-Course.pdf.
A Training Provider must satisfy the general requirements provided in Section 5 of NPC Circular 2023-02. It must also have appointed a Data Protection Officer (DPO) and registered its DPO and Data Processing Systems, if any, with the NPC. A copy of the Training Provider Application Form is available through this link: https://privacy.gov.ph/wp-content/uploads/2024/05/DPCP-Training-Provider-Application-Form-with-Affidavit-Fillable.pdf.
Interested and qualified Training Providers for the Data Privacy Foundational Course may submit the accomplished Training Provider Application Form and supporting documents to the NPC (General Records Unit) beginning 15 May 2024. Please address your submission to the Data Privacy Competency Program Committee (DPCPC).
For questions, please contact us at [email protected].
The deadline for 2023 ASIR submission through the Data Breach Notification Management System (https://dbnms.privacy.gov.ph) is set until March 31, 2024.
Submissions through paper or electronic mail shall NOT be considered compliant.
With the launch of the National Privacy Commission Registration System (“NPCRS”) and the effectivity of NPC Circular No. 2022-04 on 11 January 2023, the Commission will no longer accept new registration, amendments, and renewal of registration except through the NPCRS portal. Submission through email, personal filing, ordinary mail, licensed courier service and other mode of physical submission shall not be considered valid.
Personal Information Controllers (PICs), Personal Information Processors (PIPs), and Individual Professionals processing personal data who are covered by mandatory registration (Sec. 5 NPC Cir. 22-04) have 180 days or until 10 July 2023 to comply.
NPC Circular No. 2022-04 can be accessed through this Link
All PICs/PIPs are directed to create an account, through its Data Protection Officer, and register Data Processing Systems at Link
For registration related inquiries, you may reach the us through email at [email protected]
For system [NPCRS] related inquiries, please email us at [email protected]
For PICs/PIPs who do not fall under Section 5 on Mandatory Registration of NPC Circular No. 2022-04, You are required to submit a notarized document of Annex 1 - Sworn Declaration and Undertaking for Exemption from Registration of Data Processing Systems at [email protected]
All Certificates of Registration with effectivity dates until the 8th of March 2023 are EXTENDED to 10 July 2023.
PICs, PIPs, and Individual Professionals holding OLD Certificates of Registration bearing a different effectivity date shall be considered not-registered.
Compliance and Monitoring Division
The National Privacy Commission accepts the various formats of the PhilSys digital ID, including the printed ePhilID, as a valid and sufficient proof of identity and age subject to authentication through the PhilSys Check. Please refer to the Philippine Statistics Authority Public Advisory dated 30 September 2022 and a sample of the official format of the printed ePhilID for reference.
With the launch of the DBNMS, the NPC will no longer accept Breach Notification and Annual Security Incident Report submissions except through the DBNMS online platform. Thus, submissions through email, personal filing, ordinary mail, licensed courier service, and any other mode of physical submission shall not be considered as valid.
All Personal Data Breach Notifications and Annual Security Incident Reports shall be submitted through https://dbnms.privacy.gov.ph .
See the Guidelines on the Issuance of Certificate of Pending/No Pending Case here and the Request for Certificate of Pending/No Pending Case Form here.
Send your requests to [email protected] with the subject "CPNPC Request_<name of entity/individual>"
Advisory on modified in-person or face-to-face hearing of cases for all parties with pending hearings with the NPC download here
There is an easier and safer way to file your complaints before the National Privacy Commission through the improved COMPLAINTS-ASSISTED FORM (CAF). Download the new version of the form here. Do not forget to attach a copy of your supporting documents.
For inquiries, email us at [email protected]
For complaints, send your complaints-assisted form to [email protected]