Philippines: Implemented Data Privacy Act of 2012 (Republic Act 10173) including data protection regulation

On 8 September 2012, the Data Privacy Act of 2012 (Republic Act 10173) entered into force. The Act is applicable to any processing of personal data within the Philippines. The Act specifies the general data privacy principles, such as the need for legitimate purposes, the fair and lawful processing of data and the limitation of retention time. Further, the Act defines criteria for the lawful processing of personal data and specifically for sensitive personal data. Beyond that, the Act states the rights of data subjects, including the right to information, the right to access or the right to erasure.