2019 marks the third year of the existence of the National Privacy Commission (NPC) since its constitution last March 2016 as the main implementing agency of Republic Act (RA) No. 10173 otherwise known as the Data Privacy Act (DPA) of 2012. Whereas the past years (2017-2018) saw the NPC and Data Privacy Practitioners going around the country to raise the level of awareness of government agencies, private companies and even self-practicing professionals as well as those handling personal information, year 2019 is now more of addressing the compliance aspect of all these companies, agencies and self-practicing professionals known under the law as Personal Information Controllers (PICs) and Personal Information Processors (PIPs).

In accordance with the five (5) pillars of compliance put in place by NPC, to wit:

1. Commit to Comply – Appoint a Data Protection Officer (DPO)
2. Know your Risks – Conduct a Privacy Impact Assessment (PIA)
3. Be Accountable – Write your Privacy Management Program (PMP) and Privacy Manual
4. Demonstrate your Compliance – Implement Privacy and Data Protection Measures
5. Be prepared for Breach – Regularly Exercise your Breach Reporting Procedure

All PICs and PIPs should now be in the process of conducting their Privacy Impact Assessments (PIAs) and writing their respective Privacy Management Programs (PMPs) and Privacy Manuals (PMs).

But how do these PICs and PIPs ensure that what they are doing are in accordance with the requirements set out by the NPC?

Learn everything you need to know about complying with the DPA of 2012 on this two-day seminar-workshop.

PROGRAM OUTLINE

DAY 1

• Discussion on the Data Privacy Compliance Framework
• Discussion on the Privacy Impact Assessment (NPC Advisory 2017-03)
• Case Study on Vaccination Program Case
• Workshop on their own Process Flow (at least one Processing System)

Day 1 will start with knowing the 26-point Data Accountability and Compliance Framework created by the NPC. This will be followed by a discussion on the importance of conducting the PIA as contained under NPC Advisory 2017-03.

In the afternoon of Day 1, there will be a discussion on how to conduct a PIA (Vaccination Case) which will be followed by a workshop among all participants where they will be doing a PIA for at least one of their Data Processing System (DPS).

DAY 2

• Discussion on the Creation of Privacy Management Program (PMP)
• Discussion on the Data Sharing Agreement (DSA) Requirement
• Discussion on the Writing of the Privacy Manual (PM)
• Writing of own Privacy Policy and Privacy Notice

Day 2 will have discussions on how to write the PMP and the requirement for the Data Sharing Agreement (DSA) which is another major requirement for companies and agencies before they can share personal information.

Afternoon of Day 2 will discuss how to write a PM and its importance and finally there will be a workshop on how to compose their respective Privacy Notices and Privacy Policies. A privacy notice and privacy policy are two (2) different types of privacy documents that also manifest compliance on the part of PICs and PIPs unlike some websites which mention that these two are one and the same.