(NAR) VOL. 29 NO. 2/ APRIL - JUNE 18
2.1 The purpose of this Circular is to ensure compliance with the provisions of the Data Privacy Act of 2012 including its Implementing Rules and Regulations (IRR) and Section 4 of NPC Circular 2016-01, which provides that a government agency engaged in the processing of personal data shall, through its head of agency, designate a DPO.3.0 Legal Compliance
3.1 Pursuant to Section 7 of Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), the National Privacy Commission (NPC) is charged with the administration and implementation of the provision of the law, which includes ensuring compliance with the provisions of the DPA and with international standards for data protection, and carrying out efforts to formulate and implement plans and policies that strengthen the protection of personal information in the country, in coordination with other government agencies and the private sector.4.0 Scope/Coverage
3.2 Under Section 26(a) of the IRR of the same law, any natural or juridical person or other body involved in the processing of personal data shall designate an individual or individuals who shall function as data protection officer (DPO), compliance officer, or shall otherwise be accountable for ensuring compliance with applicable laws and regulations for the protection of data privacy and security.
5.1 Local Chief Executives are hereby reminded to ensure compliance to the provisions of laws and issuances relative to privacy and data protection:6.0 Sanctions5.1.1 Each LGU shall designate a DPO. A component city, municipality, or barangay is allowed to designate a Compliance Officer for Privacy (COP), which shall be under the supervision of the DPO of the province of such component city, municipality or barangay.5.2 All DILG Regional Directors and the ARMM Regional Governor are hereby directed to:
5.1.2 Local Chief Executives are advised to download a copy of NPC Advisory 17-01 through their website, privacy.gov.ph, for guidance on the designation of a DPO as well as the qualifications necessary to be an effective DPO/COP for the LGU.5.2.1 Download more information about the DPA and NPC as well as the form for the Data Protection Officer through their website, www.privacy.gov.ph; and
5.2.2 Cause the immediate and widest dissemination of this Memorandum Circular to all local government units within their respective regional jurisdictions.
6.1 Non-compliance to this Memorandum Circular may be a ground for the erring official/s of the local government unit to disciplinary actions:7.0 References6.1.1 By the President, in case of elective official of a province, a highly urbanized or an independent component city;
6.1.2 By the governor, if the respondent is an elective official of a component city or municipality; or
6.1.3 By the mayor, if the respondent is an elective official of the barangay.
7.1 Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA)8.0 Repealing Clause
7.2 IRR of RA No. 10173
7.3 NPC Advisory No. 2017-01 dated March 14, 2017