• Privacy Notice for Students, Teaching and Non-Teachning Personnel
  • Privacy Notice for Alumni and Visitors
  • System Privacy Notice for Learning Management System and SIAS Online
  • Privacy Notice for Classess Conducted Online via Video Conferencing 

The Data Protection Officer

Personal information controllers (PIC) and personal information processors (PIP) are required to appoint or designate a data protection officer (DPO). The DPOs will be accountable for ensuring compliance by the PIC or PIP with the Data Privacy Act, its IRR, related issuances of the National Privacy Commission, and other applicable laws and regulations relating to data privacy and security.

Who may be appointed as a DPO?

The DPO should be a full-time or organic employee of the PIC or PIP. Where the employment of the DPO is based on a contract, the term of the contract should be at least two (2) years to ensure stability. A PIC or PIP, taking into account the complexity of its operations, may choose to have more than one data protection

The DPO should be knowledgeable on relevant privacy or data protection policies and practices, and the processing operations of the PIC or PIP. To develop expertise or to keep himself or herself updated with the developments in data privacy and security, the DPO should be given sufficient time, resources and training to carry
out his or her functions.

The provisions of NPC Advisory 17-01 dated March 14, 2017 may serve as guide in the designation of the DPO.

What documents need the contact details of DPOs?

The designation, postal address, dedicated telephone number, and email address of the DPO should be included the following:

  • Websites
  • Privacy Notice
  • Privacy Policy
  • Privacy Manual
The name or names of the DPO need not be published. However, it should be made available upon request by a data subject or the NPC.

The registration of data processing systems also requires the name and contact details of the DPO.

What are the duties of a Data Protection Officer?

A DPO is accountable for ensuring compliance with applicable laws and regulations for the protection of data privacy and security. To carry out this function, the DPO should:
  1. monitor the PIC’s or PIP’s compliance with the DPA, its IRR, issuances by the NPC and other applicable laws and policies. This includes collecting information about the
    personal data processing of the PIC or PIP, analyzing and checking compliance and any accreditations or certifications, and providing advice and recommendations on legal requirements.
  2. ensure the conduct of Privacy Impact Assessments
  3. advice the PIC or PIP regarding complaints and/or the exercise by data subjects of their rights (e.g., requests forinformation, clarifications, rectification or deletion of personal data);
  4. ensure proper data breach and security incident management by the PIC or PIP
  5. inform and cultivate awareness on privacy and data protection
  6. advocate for the development, review and/ or revision of policies, guidelines, projects and/or programs relating to privacy and data protection, by adopting a privacy by design approach;
  7. serve as the contact person of the PIC or PIP vis-à-vis data subjects, the NPC
    and other authorities in all matters concerning data privacy or security
  8. cooperate, coordinate and seek advice of the NPC
  9. perform other duties and tasks that may be assigned by the PIC or PIP that will
    further the interest of dataprivacy and security and uphold the rights of the data subjects.
Source: The Data Protection Officer |

Brilliance. Innovation. Progress. Service and Unity
P.Inocentes St, Naval, Biliran Philippines 6560

(053) 507-0014