Philippines: Adopted NPC notice to businesses processing personal data without registering

On 5 June 2024, the National Privacy Commission (NPC) issued a warning to businesses processing personal data without registering with the NPC. Non-compliance with the Data Privacy Act of 2012 (DPA) and related NPC orders will result in show-cause orders. NPC Circular No. 2022-04 mandates the registration of data processing systems and data protection officers for businesses processing personal data of 250 or more employees, 1’000 or more customers, or data posing significant risks to data subjects. Businesses below these thresholds must still submit an exemption declaration.