What must a personal information controller do regarding data protection policies?

What must a personal information controller do regarding data protection policies?

Any active entity involved in processing personal data must practically implement appropriate data protection policies that comprehensively provide for organizational, physical, and technical security measures. These protective policies must deliberately take into account the nature, scope, context, and exact purposes of the processing, as well as the unique risks posed to the data subjects. Furthermore, they must rigorously ensure that, by default, only personal data strictly necessary for the specified purpose are actually processed. The mandate for these robust policies is codified in Section 26 IRR. “b. Data Protection Policies. Any natural or juridical person or other body involved in the processing of personal data shall implement appropriate data protection policies that provide for organization, physical, and technical security measures, and, for such purpose, take into account the nature, scope, context and purposes of the processing, as well as the risks posed to the rights and freedoms of data subjects.” 20-May-26

About Nicolas and De Vega Law Offices

 Nicolas and De Vega Law Offices is a full-service law firm in the Philippines.  You may visit us at the 16th Flr., Suite 1607 AIC Burgundy Empire Tower, ADB Ave., Ortigas Center, 1605 Pasig City, Metro Manila, Philippines.  You may also call us at +632 84706126, +632 84706130, +632 84016392 or e-mail us at [email protected]. Visit our website https://ndvlaw.com/.

SEARCH