Embedded Files
You are here: Programs & Services / LGMED PPAs / Core Functions / Data Privacy Act
DATA PRIVACY ACT
In compliance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, and National Privacy Commission (NPC) Circular No. 2022-04 dated 05 December 2022, which mandates the appointment of a Data Protection Officer (DPO), the registration of Data Processing Systems (DPS), and the display of the NPC Seal of Registration (SOR), all Local Governments Units (LGUs) are hereby reminded to ensure strict adherence to the following, as contained in DILG Memorandum Circular No. 2024-135 dated 12 September 2024:
1. Registration of Data Processing System (DPS)
LGUs shall register with the NPC, through the NPC Registration System (NPCRS)², their respective DPS³ that process personal or sensitive personal information. In instances where an LGU utilizes a DPS provided by a third-party service provider, the concerned LGU shall ensure that such system is registered in the NPCRS. The service provider, for its part, must also register the same on behalf of the LGU.
¹ Amending DILG Memorandum Circular No. 2018-36.
² The LGU shall create its account by signing up through the official registration platform of the NPC, accessible at www.npcregistration.privacy.gov.ph, and submit a duly notarized Application for Registration accompanied by the required supporting documents, such as Special Order, Office Order, or similar issuance formally designating or appointing the LGU’s DPO, duly signed by the concerned Local Chief Executive.
³ “Data Processing System” refers to the structure and procedure by which personal data is collected and processed in an information and communications system, or any other relevant filing system.
2. Mandatory Appointment of Data Protection Officer (DPO)
LGUs at the Provincial, City, and Municipal Levels shall designate a DPO occupying a position not lower than the rank of a Department Head. Each LGU is authorized to register only one (1) DPO.
Barangays are not mandated to independently designate their own DPOs. Cities and Municipalities may instead designate a Compliance Officer for Privacy (COP)⁴ at the Barangay Level who shall, at all times, operate under the direct supervision and authority of the DPO.
3. Mandatory Display of Seal of Registration (SOR)
LGUs shall display the issued SOR⁵ at the main entrance of their respective offices or at another conspicuous location to ensure visibility to all data subjects. Where applicable, they shall likewise post the issued SOR on their official website, either as a clickable link directing users to the Privacy Notice or by displaying it directly on the Privacy Notice page.
⁴ Pursuant to Section 2(c) of NPC Circular No. 2022-04, “Compliance Officer for Privacy” refers to an individual that performs the function or some of the functions of a DPO in a particular region, office, branch, or area of authority. In instances where a COP is designated by an LGU, the registration of the LGU’s DPS shall be accompanied by a list of COPs, clearly indicating the Barangay to which each COP is assigned, along with their official email address and contact number.
⁵ Pursuant to Section 10 of NPC Circular No. 2022-04, the SOR shall be simultaneously issued with the COR upon successful completion and approval of the registration of the LGU’s DPS and DPO.
Page updated
Google Sites
Report abuse