Philippines: Entry into force of Implementing Rules and Regulation of the Data Privacy Act of 2012 including data protection authority governance

On 9 September 2016, the Implementing Rules and Regulations of the Data Privacy Act of 2012 entered into force including data protection authority governance. The Rules are applicable to any processing of personal data of Philippine citizens. The Rules specify the tasks of the National Privacy Commission (NPC), an independent body responsible for overseeing the administration and implementation of the Act. The Rules state that the NPC must develop rules, advise on matters related to data protection, educate the public on these topics and perform compliance and monitoring functions. Additionally, the NPC is required to adjudicate complaints and conduct investigations, must take steps to ensure the enforcement of the orders issued and perform other tasks specified in the Rules. Further, the NPC shall publish administrative issuances as well as an annual report to the President and Congress concerning its activities. The Rules stipulate the penalties for any breaches of the regulations.