
Data Privacy Officer Training and Certification

Amid growing data breaches affecting a wide array of industries and applications, it has become increasingly necessary to safeguard personal data collection and processing through more stringent policies. The latest General Data Protection Regulation (GDPR) of the EU requires companies that handle the personal data of European citizens to comply strictly with the GDPR standards. This recent development inevitably pushes the Philippines to keep its cybersecurity measures up to date.

One of the key features of the latest GDPR is the requirement that certain companies appoint a Data Protection Officer (DPO) to oversee GDPR compliance. Correspondingly, one of the 5 pillars of compliance with the Data Privacy Act (DPA) of 2012 is mandating that organizations appoint a DPO.

Source: https://privacy.com.ph/dndfeature/a-primer-on-data-protection-officers/

The primary role of the data protection officer (DPO) is to ensure that her organisation processes the personal data of its staff, customers, providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules. 

Republic Act No. 10173, otherwise known as the Data Privacy Act, is a law that seeks to protect all forms of information, be it private, personal, or sensitive. It is meant to cover both natural and juridical persons involved in the processing of personal information.

The National Privacy Commission (NPC), formed as a result of the Philippines’ Data Privacy Act of 2012 (Republic Act 10173), lays forth a set of requirements designed to protect personal information in both government and private sector organizations. The regulation sets out a data privacy accountability and compliance framework that covers a wide range of issues such as governance, data security, training, third party affiliations and breach notification. September 9, 2017 was the Implementation of Rules and Regulation (IRR) deadline by which point organizations were to register their data processing systems with the NPC. The next implementation phase’s deadline, during which organizations will need to show progress toward compliance, is set for March 8, 2018.

What does the Data Privacy Act of 2012 mean?

The Data Privacy Act of 2012 requires organizations to appoint a Data Protection Officer (DPO), make their data processing transparent to their customers, and maintain the confidentiality, integrity and availability of their data. ‘Security incidents’ as defined by the law do not require notification. However, should a data breach occur and the following conditions apply, organizations will need to notify the NPC and customers. A breach will require notification if:

  1. The breached information is sensitive personal information, or information that could be used for identity fraud, and

  2. There is a reasonable belief that unauthorized acquisition has occurred, and

  3. The risk to the data subject is real, and

  4. The potential harm is serious.

Galila TechStudio, in partnership with Digital Defenders IT Security Solutions, offers internationally recognized Data Privacy Training and Ethical Hacking Certifications.

Contact Us


3rd Floor, Unit 12 PDFCCC Bldg, Perez Blvd, Dagupan City Pangasinan 2400

Tel. 0933 859 9620

© 2020 by Galila TechStudio. Proudly created with Wix.com
