Philippines: Adopted NPC Advisory No. 2017-03 on Privacy Impact Assessments

On 31 July 2017, the Philippine National Privacy Commission (NPC) adopted the Advisory No. 2017-03 on Privacy Impact Assessments (PIAs). The Advisory is applicable to any person processing personal data which is subject to the Data Privacy Act of 2012 (Republic Act 10173). The Advisory defines the purpose of PIAs, namely to understand the data flows and accompanying risks within an organisation, and lays out the general principles to follow in creating one. Furthermore, the Advisory defines the process to follow when conducting such an assessment, which consists of planning, preparatory activities, the PIA itself and documentation, and defines the responsibilities for each step.