Duration 3 days – 21 hrs
Overview
This course provides a comprehensive understanding of the Philippine Data Privacy Act (RA 10173), its implementing rules and regulations (IRR), and practical measures for compliance. It is designed to help organizations build and sustain a culture of privacy, implement privacy management programs, and mitigate data breach risks in accordance with NPC requirements.
Objectives
- Understand the key principles and provisions of the Data Privacy Act of 2012 and its IRR
- Identify roles and responsibilities of Personal Information Controllers (PICs) and Personal Information Processors (PIPs)
- Recognize the rights of data subjects and how to uphold them
- Design and implement a Privacy Management Program (PMP)
- Handle data breach incidents and implement reporting protocols
- Ensure compliance through risk-based, proactive approaches aligned with NPC advisories and circulars
Audience
- Data Protection Officers (DPOs)
- Compliance Officers and Legal Advisors
- IT and Security Professionals
- HR, Marketing, and Finance Personnel handling personal data
- Business Owners and Managers
- Government and Private Sector Employees involved in data processing
Prerequisites
- None required, but familiarity with basic organizational policies and IT systems is helpful
Course Content
Foundations of Data Privacy Compliance
Introduction to RA 10173 – Data Privacy Act of 2012
- Background, objectives, and scope
- Key definitions (e.g., personal data, sensitive data, processing)
National Privacy Commission (NPC)
- Powers, functions, and issuances
- NPC advisories, circulars, and compliance expectations
The Five Pillars of Compliance
- Appointing a DPO
- Conducting a Privacy Impact Assessment (PIA)
- Creating a Privacy Management Program (PMP)
- Implementing Privacy and Data Protection Measures
- Exercising Breach Reporting and Response Protocols
Data Subject Rights
- Rights under the law
- Handling requests and complaints
Obligations of PICs and PIPs
- Responsibilities and liabilities
- Outsourcing and third-party processing
Practical Implementation & Compliance Workshop
Privacy Impact Assessment (PIA) Workshop
- Conducting a PIA step-by-step
- Common risks and mitigation examples
Developing a Privacy Management Program (PMP)
- Organizational policies and guidelines
- Documentation, awareness campaigns, and audits
Data Breach Management and Response
- Identifying and classifying incidents
- Breach notification process (72-hour rule)
- NPC breach reporting template and process
Training, Awareness, and Culture Building
- Sustaining compliance through continuous education
- Creating a privacy-aware workforce
Case Studies & Compliance Scenarios
- Local and global privacy breach cases
- Common violations and enforcement actions


