On 6 March 2020, the National Privacy Commission (NPC) announced that the validity of current registration of personal information controllers (PICs) and processors (PIPs)1 is extended from 8 March 2020 to 31 August 2020. The extension is to make way for the launching of an automated registration system by July 2020.
Applications for renewal of registration using the automated system will be accepted by the NPC beginning 1 July 2020.
The extension only covers PICs and PIPs which have previously completed at least Phase 1 of the NPC registration in accordance with NPC Circular No. 17-01. Phase I involves the submission to the NPC of the accomplished DPO registration form together with all supporting documents. It is completed upon the registrant’s receipt from the NPC of a digital certificate of registration.
For covered PICs and PIPs which have yet to begin the process of registration, they are required to immediately register their DPO with the NPC2 to avoid possible sanctions.
Actions to Consider
Clients covered by the registration requirement are advised to ensure that they have completed their DPO registration with the NPC to avoid sanctions and avail of the extended validity of their registration.
The automated NPC registration system would certainly result in a more convenient and seamless registration process. Clients are encouraged to promptly renew their registration with the NPC once the automated system becomes available.
1 Registration is required for PICs or PIPs meeting any one of the following criteria:
- Processing the sensitive personal information of at least one thousand (1,000) individuals;
- Employing at least two hundred fifty (250) persons; or
- If belonging to the business/industry sector identified by the NPC (NPC Circular 17-01) as subject of mandatory registration.