Philippines: Implemented Circular on Data Privacy Act Registration requirements (No. 2022-04)

On 10 July 2023, the National Privacy Commission (NPC) of the Philippines implemented the Circular No. 2022-04 regarding the registration requirements of the Data Privacy Act (DPA) after the lapse of the 180-day grace period for registration. The Circular sets out the conditions and process of the registration framework for Data Protection Officers (DPO) and Data Processing Systems (DPS), including the legal thresholds which, upon being met, require mandatory registration and the procedures applicable to the registration process. For example, personal information controllers (PICs) and personal information processors (PIPs) are required to all DPSs if they employ at least 250 persons, process sensitive personal information of at least 1'000 persons, or process data likely to pose risks to the rights and freedoms of data subjects.