Philippines: Implemented Data Privacy Act of 2012 (Republic Act 10173) including cybersecurity regulation

On 8 September 2012, the Data Privacy Act of 2012 (Republic Act 10173) entered into force. The Act is applicable to any processing of personal data within the Philippines. The Act obligates all data controllers to implement reasonable organisation, physical and technical safeguards to protect personal data against destruction, alteration or disclosure. Further, the data controller is required to protect the data against natural and human dangers. Additionally, the data controller must inform the National Privacy Commission of any data breaches.