By Raymond Carl Dela Cruz, February 3, 2023; Philippine News Agency
MANILA – The newly launched National Privacy Commission (NPC) Registration System (NPCRS) is seen to ease compliance with the Data Privacy Act of 2012 for both government and private organizations by allowing the online registration of data processing systems.
In a statement on Friday, the NPC said the portal features easy monitoring of requests/approval of registration applications; a secure portal for the monitoring unit to access registration data, and real-time visibility in the validation of documentary requirements.
It will also allow for the accurate collection of information from sectors and subsectors, accurate verification of active or inactive registration, retrieval of contact details of their data protection officer (DPO), and easy generation of documents such as a certificate of registration or statistical reports on registered entities.
The NPCRS was developed in parallel with the finalization of NPC Circular No. 2022-04, dated Dec. 5, 2022, entitled “Registration of personal data processing system, notification regarding automated decision-making or profiling, designation of DPO, and the NPC seal of registration.”
The circular took effect on Jan. 11.
Rainier Anthony Milanes, chief of the NPC’s Compliance and Monitoring Division, said the circular aims to address issues encountered in implementing old circulars on common or multiple DPOs.
“It also provides new regulations such as the requirement to display the NPC seal of registration which will provide data subjects the needed assurance that entities processing their personal data have completed the first level of DPA compliance,” Milanes said.
Section 5 of the circular mandates PICs or PIPs that employ 250 or more persons, that process sensitive personal information of 1,000 or more individuals, or that process data that will likely pose a risk to the rights and freedoms of data subjects, to register all their data processing systems.
“The registration system was developed using privacy by design and development, security, and operations (DevSecOps). Privacy Impact Assessments were conducted during planning, before implementing changes concerning personal data processing, and before the system goes live,” he said.
NPC Commissioner John Henry Naga said the NPCRS and the launch of the Data Breach Notification Management System in April 2022 are part of their efforts towards President Ferdinand R. Marcos Jr.’s marching order of digitalizing government services. (PNA)