STEP 1: Account Creation

Access the National Privacy Commission Registration System [NPCRS] at https://npcregistration.privacy.gov.ph

Upon signing up, the PIC or PIP shall input the name and contact details of the Data Protection Officer (DPO) together with a unique and dedicated email address, specific to the position of DPO. [*Official DPO Email]

STEP 2: Registration Proper

Login using credential

- Select Type of DPO/DPS Registration

1. During registration proper, the PIC or PIP shall:

• • 1. Encode the organizational details; name and contact details of the Head of the Organization or Head of Agency.

    2. Encode Data Processing System(s) details; all Data Processing System of the PIC or PIP at the time of initial registration.

    3. Encode the details of the Compliance Officer(s) for Privacy if applicable.

    4. Upload the prescribed supporting documents as provided under Section 11, NPC Circular No. 22-04.

    5. Click “Save Registration”.

 2. For Notarization

1. 1. Export DPO Form (PDF format) automatically created during DPS registration.

   2. Print and Sign downloaded form (both DPO and Head of the Organization or Agency).

   3. Have the completely filled out form notarized.

   4. Scan, upload and submit notarized DPO Form.

NOTE: The submissions of the PIC or PIP shall undergo review and validation by the Commission. In case of any deficiency, the PIC or PIP shall be informed of the same and shall be given five (5) days to submit the necessary requirements.

STEP 3: Download the Certificate of Registration and NPC Seal of Registration

Once the submissions have been validated and considered complete, the PIC or PIP shall be informed that the Certificate of Registration together with the NPC Seal of Registration is available for download.

IMPORTANT REMINDERS:

*All are required to use an Official DPO email address, not personally identified with the person of the appointed DPO but with the position of DPO (i.e. dataprotection@domain.com).

The DPO email address should be unique per PIC/PIP.

The email address and Philippine cellphone number you provide will be treated as your official contact channels.

On 22 April 2022, the National Privacy Commission, through its Compliance and Monitoring Division, launched the Data Breach Management System (DBNMS) for the easier and more convenient submission of personal data breach notifications and Annual Security Incident Reports by Personal Information Controllers and Processors. The System allows more effective issuance of Orders as well as real-time update and reflection of the status of the submissions. It also allows a more efficient manner of compliance by Data Subjects which eliminates the submission of inaccurate data breach notifications through its self-evaluation tool. The data gathered from the DBNMS are used by the Commission in its policy and standards development, awareness campaign, and other privacy-related advocacies of the Commission.