
Liz Servañez
Liz Servañez serves as Branch Manager in the Philippines.

Christine Aguilar
Christine Aguilar serves as Head of Operations in the Philippines.
If your business processes personal data in the Philippines, you must register with the National Privacy Commission (NPC) to show your commitment to data privacy and comply with the Data Privacy Act of 2012 (Republic Act No. 10173).
This article will guide you through the essentials of NPC registration in the Philippines, including key requirements, the registration process, and post-registration tips to ensure compliance.
Who Needs to Register with NPC?
NPC registration is mandatory for the following:
- Personal Information Controllers (PICs): Entities that control the processing of personal data.
- Personal Information Processors (PIPs): Entities that process personal data on behalf of PICs.
- Organizations processing data that meet any of these criteria:
  - Employing at least 250 employees.
  - Processing sensitive personal information of 1,000 or more individuals.
  - Processing personal data which significantly impact the rights and freedoms of individuals.
If your organization falls under these categories, you must register your business with the NPC. A great example would be fintech companies that handle sensitive financial data for their clients.
It is also possible to register with the NPC voluntarily and secure the NPC registration seal. This helps businesses show their commitment to protecting client data and gain their clients' trust.
Requirements for NPC Registration in the Philippines
To register with the NPC, your organization must prepare the following:
- Organization Profile: Basic details about your business, including its name, address, and contact information, which you should have if you have successfully incorporated your company.
- Data Protection Officer (DPO) Details: Designate a DPO and provide their name, contact information, and proof of appointment.
- Data Processing Systems (DPS): Details about the personal data your organization processes, including:
  - The purpose of processing.
  - Categories of data subjects and personal data.
  - Security measures in place.
- Risk Assessment Report: An assessment of the risks associated with your data processing activities and mitigation measures.
- Privacy Policies and Notices: Your organization’s data privacy policies, data sharing protocols, and retention policies.
Our local experts will help you prepare the necessary documents to ensure accuracy and avoid unnecessary delays or rejections. We will also help you appoint a Data Protection Officer (DPO) to meet regulatory standards if needed.
NPC Registration Process in the Philippines
Registering with the National Privacy Commission (NPC) in the Philippines is a crucial step for organizations handling personal data. Our expert team handles all aspects of registration, from account creation and document submission to liaising with authorities:
- Account Creation and DPO Information: Our business advisors will create your organization’s account on the National Privacy Commission Registration System (NPCRS) and handle the submission of comprehensive details about your designated Data Protection Officer (DPO).
- Document Preparation and Submission: Our experts compile and upload all required details, including your organization profile, DPO information, data processing systems, privacy policies, and risk assessments.
- NPC Review and Payment: Our team will liaise with the National Privacy Commission to address any additional requirements. After approval, we will guide you through paying the registration fees on the NPCRS.
- Certificate Issuance: The NPC will issue your Certificate of Registration and NPC Seal of Registration. We will provide support in maintaining compliance and future renewals.
Legal Compliance and Post-Registration Requirements
After registering your organization, it is vital to remain compliant with the laws and regulations implemented by the NPC. To avoid heavy penalties and suspension of business operations, our business experts will ensure you continue to comply with NPC requirements and the Data Privacy Act of 2012.
These compliance requirements include:
- Updating the NPC on any major changes within 30 days
- Renewing your registration annually
- Registering any new DPS within 20 days of its implementation
- Displaying the NPC Seal of Registration at the main entrance of your business premises and on your main website
Learn more about Data Privacy Rules in the Philippines.
Ready to register your organization with the NPC? Complete the contact form below and our business advisors will get in touch with you.
Frequently asked questions
Yes, individual professionals acting as Personal Information Controllers (PIC) or Personal Information Processors (PIP) can also register with the NPC.
The Certificate of Registration and Seal of Registration are valid for one year from the date of issuance and are subject to renewal thereafter. The renewal process should be started 30 days before the expiration date.
Yes, since the Philippines has varying legal entities, any organization can voluntarily register with the NPC, even if they do not meet the eligibility criteria.
A new DPS must be registered within 20 days of implementation; major amendments, such as a business name change, must be made within 30 days of the change; and minor amendments should be made within 10 days of the change.
Missing the registration deadline will result in administrative fines and penalties, including compliance and enforcement orders by local authorities.


