July 23, 2024

The National Privacy Commission (NPC) reminded all businesses that process the data of their clients and workers to register with the NPC or face fines for violations under the Data Privacy Act of 2012 (DPA).

In a statement, the NPC said all businesses that process the personal data of 250 or more employees, 1,000 or more customers, or those processing data that will likely pose a risk to the rights and freedoms of data subjects are required to be registered with the NPC under NPC Circular 2022-04.

“The Commission reminds personal information controllers (PIC) and personal information processors (PIP) of their obligations under the DPA, its implementing rules and regulations, and the issuances of the NPC, including compliance with the registration requirements,” it said.

PICs and PIPs that remain unregistered, it said, will be issued with a show cause order for non-compliance with the DPA and relevant NPC issuances.

The NPC’s Data Security Compliance Office will conduct compliance checks on businesses nationwide.

“The NPC will relentlessly enforce the law by issuing show cause orders to unregistered businesses throughout this year, and those who fail to register despite the notice may be subjected to administrative fines, as provided under NPC Circular 2022-01 or the Guidelines on Administrative Fines,” it said.

Last month, the NPC conducted an on-the-spot privacy sweep at an unnamed mall establishment and found 65 mall tenants who were unregistered with the NPC. – PNA