Search for:

In brief

On 6 March 2021, the Philippine National Privacy Commission (NPC) posted on its official Facebook page its answers to some frequently asked questions involving eRehistro — NPC’s newly announced online registration and renewal platform for both Phase 1: Data Protection Officer (DPO) and Phase 2: Data Processing System (DPS) registrations. Learn more about the eRehistro system from our earlier client alert here.


Recommended actions

The NPC has yet to issue formal guidelines regarding the eRehistro system and announce its official launch. In the meantime, we continue to encourage personal information controllers (PICs) and personal information processors (PIPs) to begin preparing, reviewing and updating their compliance and registration information. Specific to Phase 2: DPS registration, clients are advised to commence preparing the pieces of information required for the registration process, as discussed below.

We also recommend that clients keep themselves updated of further developments from the NPC, either through the commission’s website or its social media channels, regarding the eRehistro system. Our firm is also closely monitoring this compliance matter and we will provide more updates as they arise.

In more detail

NPC registration requirement

Registration with the NPC is required for PICs and PIPs processing personal data and operating in the Philippines under any of the following conditions:

  • processing the sensitive personal information of at least 1,000 individuals
  • employing at least 250 individuals
  • belonging to a business/industry sector identified by the NPC (NPC Circular No. 17-01) as subject to mandatory registration

According to the NPC, both new and existing PICs and PIPs that fall within the foregoing registration criteria are required to create an eRehistro account and register their DPS with the NPC.

eRehistro account creation process

In order to create an eRehistro account, PICs and PIPs are required to fill out the eRehistro application form, which will require the following information:

  • For organizations: Name of its head, email address and contact number of the organization
  • For individuals: Name, email address, contact number and government-issued ID number
  • Name, email address, contact number, and gender of the DPO
  • Signature

Once the foregoing information have been encoded, the completed eRehistro application form must be printed, signed and notarized.

Documentary requirements

Aside from the information listed above, the following documents must also be uploaded unto the eRehistro system during the account creation process:

  • board resolution or secretary’s certificate regarding the appointment of the DPO
  • Securities and Exchange Commission (SEC) or Department of Trade and Industry (DTI) or other related document proving the existence of the organization
  • notarized eRehistro application form

DPS registration

The following information must be encoded in the eRehistro system for DPS registration purposes:

  • name of the DPS
  • type of DPS (i.e., paper-based, manual, electronic/automatic, or both)
  • purpose(s) of the DPS
  • whether the person is a PIC or PIP
  • whether the DPS involves automated decision-making
  • whether data processing is outsourced or subcontracted
  • categories of the data subject and personal data involved
  • number of staff in the PIC or PIP’s data protection office
  • number of recipients to whom the personal data will be or may be disclosed
  • whether personal data will be transferred outside the Philippines

Effects of non-registration

Failure of the PIC or PIP to register all of its DPS with the NPC will result in the non-issuance of its certificate of registration. The NPC will consider an organization’s failure to completely register its DPS when it conducts compliance checks or investigations in connection with privacy complaints or security incidents.

Author

Bienvenido Marquez III is a partner and head of Quisumbing Torres' Intellectual Property Practice Group and Information Technology & Communications Industry Group. He is also a member of Baker McKenzie's Asia Pacific Intellectual Property Steering Committee. He is experienced in handling IP enforcement litigation, trademark and patent prosecution and maintenance, copyright, data privacy, information security, IT, telecommunications, e-commerce, electronic transactions and cybercrime matters. He also counsels clients on compliance with consumer product laws, including packaging, labeling and regulatory requirements for food, drugs and devices and cosmetics, and conducts administrative litigation relating to the same.

Author

Divina Ilas-Panganiban is a partner in Quisumbing Torres’ Intellectual Property and Information Technology & Communications practices. She has 15 years of experience in the fields of intellectual property law, commercial law and litigation. She currently serves as the Vice-President and Director of the Philippine Chapter of Licensing Executives Society International. Ms. Panganiban often serves as resource speaker in local and international seminars on IP and IT laws.

Author

Neonette Pascual is an associate in Quisumbing Torres' Intellectual Property Practice Group and Information Technology & Communications Industry Group. She has nine years of experience handling matters involving contracts, incorporation, compliance, litigation, and corporate housekeeping. Prior to joining Quisumbing Torres, Ms. Pascual worked as legal counsel for the Philippine offices of two global outsourcing services companies

Author

Jose Angelo Tiglao is an associate with the Intellectual Property, Data and Technology Practice Group as well as the Technology, Media & Telecommunications Industry Group at Quisumbing Torres. He ranked sixth in his batch upon graduation from De La Salle University College of Law, where he also received the Most Outstanding Thesis award for his thesis on social media and fake news regulation in the Philippines. He is both a Certified Information Privacy Professional (Europe) and a Certified Information Privacy Manager by the International Association of Privacy Professionals (IAPP) and is currently the Assistant Corporate Secretary of the Licensing Executives Society Philippines.