A European foundation on Thursday urged companies to comply with the Philippines’ data privacy law ahead of a March 8 deadline set by the National Privacy Commission (NPC).
In a statement, Henry Schumacher, president of the European Innovation, Technology, and Science Center (EITSC), said everyone had the right to know how his or her personal data was being processed by information controllers and processors.
“We have all the right to dispute inaccuracies or errors in [our]personal data and to request the suspension, withdrawal, blocking removal and destruction of personal data,” Schumacher said.
“We also have the right to complain for any damage brought by inaccurate, incomplete, outdated, unlawfully obtained, or unauthorized use of personal data,” he added.
His statement came after EITSC partnered with NPC late last year for several data-privacy workshops to raise companies’ awareness of Republic Act (RA) 10173, or the Data Privacy Act of 2012, and provide a clear road map for its implementation.
More than 100 companies seem to be non-compliant since the workshops, Schumacher said, adding that he expected participants to meet the deadline.
RA 10173 aims to protect personal data in information and communication systems in both the public and private sectors.
It requires companies with at least 250 employees or that have access to the personal data of at least 1,000 people to have a data protection officer (DPO) and register their data processing systems with NPC.
Under the law, firms should have an appointed DFO and a privacy impact assessment, create a privacy knowledge management program, implement a privacy and data protection policy, and exercise a breach reporting procedure.
Lawbreakers can be jailed for up to seven years and must pay up to P7 million in fines, depending on the nature and degree of their offense.
It is important to strengthen the country’s enforcement of its data protection laws and strive to be of equal footing with other countries, Schumacher said.
“Companies with operations in the Philippines are already using huge amounts of data in business…and knowledge process management. Data…should be protected at the highest level,” he added.
In Asia, Only South Korea and Hong Kong rank highly in enforcing data protection laws, while China, Japan, and Singapore have robust standards, according to the EITSC chief.
The Philippines, Indonesia and Thailand, on the other hand, show limited data security laws, he said.