Philippines: Implemented Data Privacy Act of 2012 (Republic Act 10173) including cross-border data transfer regulation

On 8 September 2012, the Data Privacy Act of 2012 (Republic Act 10173) entered into force including cross-border data transfer regulation. The Act is applicable to any processing of personal data within the Philippines. The Act prescribes the principle of accountability to data controllers, meaning that data controllers are responsible for data which is transferred to a third party for processing and must take measures to ensure this. Further, the data controller must designate an individual responsible for ensuring compliance with the Act.