Philippines: Implemented National Privacy Commission (NPC) Circular 2023-05 on Prerequisites for the Philippine Privacy Mark Certification

On 15 March 2024, the National Privacy Commission (NPC) Circular 2023-05 on prerequisites for obtaining the Philippine privacy mark certification for organisations and certification bodies entered into force. The circular is addressed to personal information controllers (PICs), personal information processors (PIPs), and the accreditation of Certification Bodies (CBs) under the PPM Certification Program. A PIC or PIP must be certified with ISO/IEC 27001 (Information Security Management System)and ISO/IEC 27701 (Privacy Information Management System) standards. In particular, the certification bodies must further meet ISO/IEC 17021-1 in order to be accredited. In case PICs, PIPs, or CBs fail to comply with the prerequisites for certification or accreditation, they won't be able to apply for certification and accreditation under the PPM Certification Program.