For years, business advocated for a Data Privacy Law. We finally got it. Then we advocated for the implementation of the law. It eventually happened with the establishment of the National Privacy Commission (NPC). The NPC then drafted the Implementing Rules and Regulations, which will take full effect by September this year.
Are we happy? Yes and no.
Yes – because we wanted private data to be protected and we wanted to offer that protection in the Philippines which is good for companies doing international business and are processing data.
No – the implementation of the Law is complicated, opens doors to nuisance legal action, requires the employment of data privacy officers, and makes company executives criminally liable for data privacy breaches.
Does the Law and its IRR affect the Philippines as a destination for data processing, data mining and data analytics?
This workshop will discuss the complex situation, explain the rules and will outline the implementation process.
Why should the C-Level attend with its implementers?
| Time | Topic | Session Coverage | Target Audience |
| 08:30 | Registration | ||
| 09:00 | Welcome | ||
| 09:15 | Introduction to the Data Privacy Act of 2012 | Overview of RA 10173, Rights of a Data Subject and Obligations of PIC’s and PIP’s; ex of LGU as a PIC (vaccination case) | C-Level Executives + Implementing Staff (IT, Finance, HR, Operations, Functional Managers) |
| 10:00 | Module 1: Appoint a Data Privacy Officer
Activity: 20 questions to help you determine whether you need a full-time DPO |
Present the roles and responsibilities of a Data Privacy Officer versus that of a Compliance Officer. Do the 20-question assessment and compare your risk rating with the other participants. (Handouts: DPO Advisory, 20-question assessment) | C-Level Executives + Implementing Staff (IT, Finance, HR, Operations, Functional Managers) |
| 10:35 | Open Forum | ||
| 11:00 | Module 2: Conduct a PIA
Workshop: Privacy Impact Assessment and Privacy by Design |
In plenary, work on the vaccination case. In workgroups, participants will work on case studies to identify privacy risks. Using PbD, they will then identify some possible controls. Groups may use the case studies provided, or use their own. (Handouts: Case worksheets, Circular 16-02, Role Cards) | Implementing Staff (IT, Finance, HR, Operations, Functional Managers) |
| 12:00 | Working Lunch | ||
| 01:15 | Group Reports | ||
| 01:30 | Module 3: Create a Data Privacy Manual
Activity: Draft a privacy notice for your company’s website |
Be familiarized with the contents of a data privacy manual and show samples of privacy notices | Implementing Staff (IT, Finance, HR, Operations, Functional Managers) |
| 02:15 | Module 4: Implement Data Protection Measures
Workshop: Safety and Security Tips |
Overview of Circular 16-01 and round-robin workshop on safety and security tips. (Handouts: Circular 16-01, Tip cards)
|
Implementing Staff (IT, Finance, HR, Operations, Functional Managers) |
| 03:15 | Open Forum | ||
| 03:45 | Module 5: Handling Data Breaches
Workshop: Identifying your Top Threats |
Overview of Circular 16-03 and “charades” activity to act out (and identify) what are the participant’s top threat vectors.
|
Implementing Staff (IT, Finance, HR, Operations, Functional Managers) |
| 04:45 | Closing and Photo Session | Remind participants to accomplish evaluation forms | |
Php 13,000 – C-Level Executive + 1 Implementing Manager
Php 6,000 – for every additional implementing manager
Php 3,500 – C-Level attendees attending only in the morning
** It is required to have a C-Level attendee attend with at least 1 implementing manager
** Prices exclude 12%vat
For confirmations and more information, please contact Ms. Jasmin Runez of ECCP at 845 1324 or email jrunez@eccp.com
In close partnership with government, businesses, civil society, and academia, ECCP passionately works to enhance the business environment for both European and Filipino companies.