Data Privacy Module 3
Data Privacy Module 3
Data Privacy Module 3
OFFICER
Data Privacy Fundamentals
Module 3
Example:
A DPO in an HUC (Highly Urbanized City) and a
COP in each barangay under its jurisdiction
Example:
A DPO in the COMELEC central office and a
COP in each field office
Example:
A DPO in an insurance company’s central office and
a COP in each branch office
Example:
A DPO in the holding company and a COP in each of its
subsidiaries
Example:
A DPO in a national club and a COP in each chapter
Analyze and check the compliance Privacy Compliance and Progress Report
Privacy Impact Assessment
Inform, advise, and issue recommendations to the PIC or Be aware of privacy ecosystem
PIP Privacy Management Program
Advice the PIC or PIP as regards the necessity of Manage third parties
executing a Data Sharing Agreement
• The extent of the involvement of the DPO in the PIA is left to the
discretion of the PIC or PIP. The DPO may actively take part in the
PIA, or may simply be consulted on the PIA results. (NPC Advisory
17-03).
3. Advise the PIC or PIP regarding complaints and/or the exercise by data subjects
of their rights
6. Advocate for the development, review and/or revision of policies, guidelines, projects
and/or programs of the PIC or PIP relating to privacy and data protection, by adopting a
privacy by design approach;
7. Serve as the contact person of the PIC or PIP vis-à-vis data subjects, the NPC and other
authorities in all matters concerning data privacy or security issues or concerns and the
PIC or PIP;
a. File your request for advisory opinion in the same manner as a complaint.
b. You request should include all facts necessary for the Commission to evaluate
your concern and render an opinion.
c. Provide the National Privacy Commission a way to contact you.
d. Remember that if your request is for an advisory opinion, the National Privacy
Commission will not award damages.
• Except for items (1) to (3), a COP shall perform all other functions of a
DPO.
• Where appropriate, he or she shall also assist the supervising DPO in the
performance of the latter’s functions.
Compliance
Information
DATA PROTECTION
Officer for
Privacy
Security OFFICER
RESOURCES AND
Compliance SUPPORT
Officer
WHERE WHAT
Website Title or Name of the DPO
designation or COP should be
Privacy notice
Postal address made available
Privacy policy upon request of
Dedicated
Privacy manual or telephone number NPC or data
privacy guide subject
Dedicated email
Other means address
• Incorporating compliance into the performance bonus parameters of those concerned, especially
for those handling personal data
• Drive the urgency (e.g. like the SARS epidemic, when everyone started installing hand
sanitizers)
privacy.gov.ph