Philippines: Implemented Data Privacy Act of 2012 (Republic Act 10173) including data protection authority governance

On 8 September 2012, the Data Privacy Act of 2012 (Republic Act 10173) entered into force. The Act is applicable to any processing of personal data within the Philippines. The Act establishes the National Privacy Commission (NPC) as the independent body responsible for the administration and implementation of the Act. The NPC is tasked with ensuring the compliance of data controllers, conducting investigations based on complaints and taking measures upon non-compliance. Further, the NPC shall publish guides relating to data protection, review and approve privacy codes by data controllers and assist in matters related to privacy and data protection.