Philippines: Adopted National Privacy Commission (NPC) Circular 2023-05 on Prerequisites for the Philippine Privacy Mark Certification

On 25 October 2023, the National Privacy Commission (NPC) adopted Circular 2023-05 on prerequisites for obtaining the Philippine privacy mark certification for organisations and certification bodies. The circular is addressed to personal information controllers (PICs), personal information processors (PIPs), and the accreditation of Certification Bodies (CBs) under the PPM Certification Program. A PIC or PIP must be certified with ISO/IEC 27001 (Information Security Management System)and ISO/IEC 27701 (Privacy Information Management System) standards. In particular, the certification bodies must further meet ISO/IEC 17021-1 in order to be accredited. In case PICs, PIPs, or CBs fail to comply with the prerequisites for certification or accreditation, they won't be able to apply for certification and accreditation under the PPM Certification Program.