Duration: 5 days – 35 hrs
Overview
The Data Privacy Act Training Course (RA 10173) provides a comprehensive understanding of Republic Act 10173, also known as the Data Privacy Act of 2012, in the context of data protection and privacy in the Philippines. This course is designed for individuals and organizations seeking to comply with data privacy regulations, protect sensitive information, and ensure data security in an increasingly digital world.
Objectives
- Understanding RA 10173: Grasp the key provisions and principles of Republic Act 10173, including its objectives and scope.
- Data Privacy Framework: Comprehend the framework of data protection and privacy regulations in the Philippines.
- Data Subject Rights: Recognize and respect the rights of data subjects, including access, correction, and erasure of personal data.
- Data Processing and Consent: Understand the lawful and secure processing of personal data, including obtaining valid consent.
- Data Security Measures: Implement data security measures and safeguards to protect personal information from breaches and unauthorized access.
- Data Privacy Officer (DPO): Explore the role and responsibilities of a Data Privacy Officer in compliance with RA 10173.
- Data Breach Notification: Learn the protocols and obligations related to data breach notifications and reporting.
- Compliance and Enforcement: Understand the compliance requirements and potential consequences for non-compliance with RA 10173.
Audience
- This course is suitable for individuals and organizations in the Philippines that handle personal data and are required to comply with the Data Privacy Act (RA 10173). It is relevant for data protection officers, IT professionals, legal and compliance officers, and anyone concerned with data privacy and security.
Pre- requisites
- Basic knowledge of data handling and processing.
- Familiarity with information technology and data storage concepts.
- Interest in data privacy regulations and compliance.
- Access to a computer or device with internet connectivity for course materials and activities.
- Openness to understanding legal and regulatory aspects related to data privacy (legal background not required).
Course Content
Privacy and Data Privacy Act
- Introduction to Privacy and Data Privacy
- The Data Privacy Act of 2012 (R.A. 10173)
- Applications of DPA in the Philippines Setting
Key Roles in the Data Privacy Act
- Data Subjects
- Personal Information Controller (PIC)
- Personal Information Processor (PIP)
- Data Protection Officer
- National Privacy Commission
Data Privacy Principles
- Transparency
- Legitimate Purpose
- Proportionality
Data Subject Rights
- Right to object
- Right to access
- Right to data portability
- Right to be informed
- Right to correct
- Right to erasure or blocking
- Right to file a complaint
- Right to damages
- Transmissibility of rights
Classification of Personally Identifiable Information (PII)
-
- Personal Information
- Privileged Information
- Sensitive Personal Information
Personal Data Life Cycle
- Acquisition
- Use
- Storage
- Transfer/Disclosure
- Retention/Destruction
Potential Penalties in the Data Privacy Act
- Examples of Cases
Overview of the functions of a Data Protection Officer (DPO)
- General Qualifications
- Duties and Responsibilities
Security Measures
- Technical Measures
- Organizational Measures
- Physical Measures
Compliance to Data Privacy Act
- Five Pillars of Compliance
- Appoint a Data Protection Officer (DPO)
- Conduct a Privacy Impact Assessment (PIA)
- Create Privacy Management Program (PMP)
- Implement Privacy Data Protection Measures (POP)
- Exercise Breach Reporting Procedure (BRP)
- 32-Point Compliance Checklist
Other Requirements
- Registration of Data Processing Systems (DPS)
- Submission of Annual Security Incident Report
- Conduct of Annual Breach Drill
- Privacy Notice
- Consent from Data Subject
- Data Sharing Agreement (DSA)
- Outsourcing Agreement / Sub-contracting Agreement
- Notification to NPC within 72 hours (in case of a breach)
- ISO Standards
- Philippines’s DPA vs GDP – General Data Protection Regulation
