Philippines: National Privacy Commission adopted Advisory on privacy engineering in systems life cycle processes (No. 2025-02)

On 27 August 2025, the Philippines' National Privacy Commission adopted an Advisory establishing guidelines on privacy engineering in systems life cycle processes. The Advisory applies to all personal information controllers and personal information processors engaged in processing personal data through data processing systems. The Advisory emphasises privacy-by-design and privacy-by-default implementation across five system development stages, including planning and requirements gathering, designing and development, testing and evaluation, deployment and integration, and operation and maintenance. The Advisory also highlights conducting Privacy Impact Assessments, implementing data minimisation architectures and security measures, including encryption and access controls. The Advisory also stressed regular monitoring and audits, providing clear privacy notices, ensuring default settings provide maximum privacy protection, and training personnel on secure processing.