Philippines: Adopted Circular on Data Privacy Act Registration requirements (No. 2022-04)

On 5 December 2022, the National Privacy Commission (NPC) of the Philippines adopted the Circular No. 2022-04 regarding the registration requirements of the Data Privacy Act (DPA). The Circular sets out the conditions and process of the registration framework for Data Protection Officers (DPO) and Data Processing Systems (DPS), including the legal thresholds which, upon being met, require mandatory registration and the procedures applicable to the registration process. For example, personal information controllers (PICs) and personal information processors (PIPs) are required to all DPSs if they employ at least 250 persons, process sensitive personal information of at least 1'000 persons, or process data likely to pose risks to the rights and freedoms of data subjects. The Circular is implemented 15 days after publication in the official gazette, with a grace period for registration of 180 days from the effectivity date.