On 11 January 2023, the National Privacy Commission (NPC) of the Philippines implemented the Circular No. 2022-04 regarding the registration requirements of the Data Privacy Act (DPA) with a grace period. The Circular sets out the conditions and process of the registration framework for Data Protection Officers (DPO) and Data Processing Systems (DPS), including the legal thresholds which, upon being met, require mandatory registration and the procedures applicable to the registration process. For example, personal information controllers (PICs) and personal information processors (PIPs) are required to all DPSs if they employ at least 250 persons, process sensitive personal information of at least 1'000 persons, or process data likely to pose risks to the rights and freedoms of data subjects. There is a grace period for registration of 180 days from the effectivity date, i.e. until 10 July 2023.
Original source