Search for:

In brief

On 6 March 2021, the Philippine National Privacy Commission (NPC) posted on its official Facebook page its answers to some frequently asked questions involving eRehistro — NPC’s newly announced online registration and renewal platform for both Phase 1: Data Protection Officer (DPO) and Phase 2: Data Processing System (DPS) registrations. Learn more about the eRehistro system from our earlier client alert here.

Recommended actions

The NPC has yet to issue formal guidelines regarding the eRehistro system and announce its official launch. In the meantime, we continue to encourage personal information controllers (PICs) and personal information processors (PIPs) to begin preparing, reviewing and updating their compliance and registration information. Specific to Phase 2: DPS registration, clients are advised to commence preparing the pieces of information required for the registration process, as discussed below.

We also recommend that clients keep themselves updated of further developments from the NPC, either through the commission’s website or its social media channels, regarding the eRehistro system. Our firm is also closely monitoring this compliance matter and we will provide more updates as they arise.

In more detail

NPC registration requirement

Registration with the NPC is required for PICs and PIPs processing personal data and operating in the Philippines under any of the following conditions:

  • processing the sensitive personal information of at least 1,000 individuals
  • employing at least 250 individuals
  • belonging to a business/industry sector identified by the NPC (NPC Circular No. 17-01) as subject to mandatory registration

According to the NPC, both new and existing PICs and PIPs that fall within the foregoing registration criteria are required to create an eRehistro account and register their DPS with the NPC.

eRehistro account creation process

In order to create an eRehistro account, PICs and PIPs are required to fill out the eRehistro application form, which will require the following information:

  • For organizations: Name of its head, email address and contact number of the organization
  • For individuals: Name, email address, contact number and government-issued ID number
  • Name, email address, contact number, and gender of the DPO
  • Signature

Once the foregoing information have been encoded, the completed eRehistro application form must be printed, signed and notarized.

Documentary requirements

Aside from the information listed above, the following documents must also be uploaded unto the eRehistro system during the account creation process:

  • board resolution or secretary’s certificate regarding the appointment of the DPO
  • Securities and Exchange Commission (SEC) or Department of Trade and Industry (DTI) or other related document proving the existence of the organization
  • notarized eRehistro application form

DPS registration

The following information must be encoded in the eRehistro system for DPS registration purposes:

  • name of the DPS
  • type of DPS (i.e., paper-based, manual, electronic/automatic, or both)
  • purpose(s) of the DPS
  • whether the person is a PIC or PIP
  • whether the DPS involves automated decision-making
  • whether data processing is outsourced or subcontracted
  • categories of the data subject and personal data involved
  • number of staff in the PIC or PIP’s data protection office
  • number of recipients to whom the personal data will be or may be disclosed
  • whether personal data will be transferred outside the Philippines

Effects of non-registration

Failure of the PIC or PIP to register all of its DPS with the NPC will result in the non-issuance of its certificate of registration. The NPC will consider an organization’s failure to completely register its DPS when it conducts compliance checks or investigations in connection with privacy complaints or security incidents.


Bienvenido Marquez III is a partner in Quisumbing Torres' Intellectual Property, Data and Technology Practice Group. He also co-heads the Consumer Goods & Retail Industry Group and is a member of the Technology, Media & Telecommunications Group. He participates in initiatives of Baker & McKenzie International of which Quisumbing Torres is a member firm. He is a member of Baker McKenzie's Asia Pacific Intellectual Property Business Unit for Brand Enforcement. He is immediate Past President of the Philippine Chapter of the Licensing Executives Society International (2019-2021), and is currently co-chair of the LESI Asia Pacific. He is also a member of the Anti-Counterfeiting Committee of the International Trademarks Association (INTA). He has been appointed as member of the INTA Asia Global Advisory Council (GAC) for 2022 to 2023, making him the only Philippine representative on the council.

Bien has vast experience in handling IP enforcement litigation, trademark and patent prosecution and maintenance, copyright, data privacy, information security, IT, telecommunications, e-commerce, electronic transactions, cyber security and cybercrime. He has been consistently ranked as a leading individual for Intellectual Property and TMT in Legal 500 Asia Pacific, Chambers Asia Pacific, asialaw Leading Lawyers, Managing IP Stars, Asia IP, and World Trademark Review. He was also recognized as a Volunteer Service Awardee by INTA in 2018.


Divina Ilas-Panganiban is a partner in Quisumbing Torres’ Intellectual Property and Information Technology & Communications practices. She has 15 years of experience in the fields of intellectual property law, commercial law and litigation. She currently serves as the Vice-President and Director of the Philippine Chapter of Licensing Executives Society International. Ms. Panganiban often serves as resource speaker in local and international seminars on IP and IT laws.


Neonette Pascual is an associate in Quisumbing Torres' Intellectual Property Practice Group and Information Technology & Communications Industry Group. She has nine years of experience handling matters involving contracts, incorporation, compliance, litigation, and corporate housekeeping. Prior to joining Quisumbing Torres, Ms. Pascual worked as legal counsel for the Philippine offices of two global outsourcing services companies