Controllers must promptly notify the Commission and affected data subjects if unauthorized acquisition of sensitive data poses a risk of serious harm.
The personal information controller permanently remains entirely accountable for personal data even when it is actively transferred to a third-party processor.
Who is accountable for personal information transferred to a third party for processing? Read More »
Unauthorized processing of personal information is strictly punished by 1 to 3 years of imprisonment and a massive fine up to Php2,000,000.00.
What is the penalty for unauthorized processing of personal information? Read More »
For corporate offenders, the responsible officers are heavily penalized, and the court may legally suspend or completely revoke the corporation’s functional rights.
The Act applies extraterritorially if the processing actively relates to Philippine citizens or residents, or if the entity has Philippine links.
Does the Data Privacy Act apply to entities processing data outside the Philippines? Read More »
The Privacy Commissioner must be at least 35, of excellent moral character, and a recognized expert in IT and data privacy.
What are the qualifications to be appointed as the Privacy Commissioner? Read More »
Data processing must strictly adhere to transparency, legitimate purpose, and proportionality, and data must be collected for specific and lawful purposes.
Processing is fully lawful if not prohibited by law and if specific conditions like consent, contractual necessity, or legal obligations are met.
Under what conditions is the processing of personal information considered lawful? Read More »
Controllers can legally subcontract data processing but remain entirely responsible for ensuring proper safeguards and strict confidentiality are maintained.
Can a personal information controller subcontract the processing of data? Read More »
Data subjects have the right to legally access the contents, specific sources, recipients, processing methods, and disclosure reasons of their data.
What is the right of the data subject regarding access to their personal information? Read More »
