Is your Organization DPA and GDPR Ready? Protect your Company’s Greatest Resource: DATA

The world now relies on data more than ever, yet still views it as something not so significant. Just recently, Google confirmed that emails sent and received via Gmail can be read by third-party app developers, and Facebook had 87 million of its records breached by a political data firm. Given how carelessly we treat today’s greatest resource, the 1.745 trillion USD in damages projected by Frost & Sullivan for Asia Pacific alone may not be far from materializing.

Our standards for handling, accessing, and sharing data, from big data down to the smallest pools of personal information, shouldn’t be neglected and should evolve as fast as data is acquired, shared, and accessed. This is where legislation such as the Data Privacy Act of 2012 (DPA) for the Philippines and the General Data Protection Regulation (GDPR) for the European Union comes into play.

Data Privacy Act of 2012 (RA 10173)

The DPA is the Philippines’ first comprehensive data protection law. It seeks to protect and secure personal information collected by the government and the private sector.

Regardless of industry, it is only right to keep this data protection law in mind and comply with it. Doing so not only safeguards your data as an organization but also secures your processes for handling, gathering, and processing data from your partners and clients.

Principles:

  • Transparency – Any information and communication relating to the processing of personal information should be clear and easy to access and understand.
  • Legitimate Purpose – The processing of personal data shall be compatible with a declared and cleared purpose, which must not be contrary to law, morals, or public policy.
  • Proportionality – Personal data shall be processed only if the purpose of the processing could not reasonably be fulfilled by other means.

Every time you use a service, register a social media account, buy a product online, pay your bills, go to your dentist, rent an apartment, or enter into any contract or service request, personal information is required to access certain products or services.

General Data Protection Regulation (GDPR)

Just like the DPA, the General Data Protection Regulation is a law that sets the standard for data security, primarily for data that is owned by the European Union and processed in and out of the EU.

Steps to GDPR compliance:

  • Map how data is processed and managed inside your organization.
  • Update your privacy policy by concisely stating the legal basis for data processing, data subjects’ rights, the data retention period, and the use of their data in your organization, taking the GDPR as the bearing.
  • Educate employees, partners, and clients about this change as per Article 13 of the GDPR.
  • Update consents for opt-in forms, cookies, and other platforms you use online to gather personal data. Make these consent pop-ups or reminder windows visible whenever a user is about to provide their personal information.
  • Assign a Data Protection Officer for regular data processing audits for your company.

DPA and GDPR Comparison

Though both are encompassing, data-centric pieces of legislation, they still have salient differences from each other.

Geographical and demographic scope
  • DPA: Implemented in the Philippines. Covers Filipino citizens staying in the country or traveling abroad.
  • GDPR: Implemented in Europe. Covers data subjects owned by UK regardless of residency and ethnicity of data handlers.

Data rights for deceased/incapable data owners
  • DPA: Provides “transmissibility of rights” to rightful heirs and assigns to invoke the rights of a deceased or incapacitated data subject.
  • GDPR: Provides sole liability of the data to its owner without the rights to transfer ownership.

Age scope for data processing consent
  • DPA: Assumes to cover the country’s majority population age, 18, as mentioned in Republic Act 6809.
  • GDPR: Parental consent for data subjects that are below 16 years old.

Assignment of Data Privacy Officer (DPO)
  • DPA: Must be an employee of the company; should be under contract within two years (if contractual or project-based); should always have the role as the main contact person of NPC (if outsourced).
  • GDPR: Only required for data processors who are in the European Union for business and/or monitoring purposes.

Standards for data verification
  • DPA: Honors sectorial certification regulations, such as the regulation imposed by BSP among banks and financial institutions and the like.
  • GDPR: Uses the standard set by the European Standard Seal.

Sanctions
  • DPA: Mentions fines up to 5 million PHP and imprisonment up to 7 years.
  • GDPR: Specifies fines up to 20 million EUR or 4% of the previous year’s turnover of the offender.

To help companies and organizations start their DPA compliance initiatives, we have made available online tools, resources, and technologies like Azure, O365, and Enadoc:

  • Azure – Private cloud computing platform for Enterprise that comes in three pillars: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). This comes along with 600+ services.
  • Office 365 – Business email and collaboration suite that empowers office productivity, turnaround rates, and data management and security.
  • Enadoc – an innovative, cloud-based enterprise document imaging system.

With these tools to help you create, manage, and share data across your organization, complying with the DPA and GDPR should be a breeze.

Digital transformation is a modern phenomenon we have all been experiencing. Along with its benefits to global industries come the data mishaps and crimes that the DPA and GDPR exist to prevent. Stay aware and be compliant with Tech One Global.

Tech One puts a high priority on data privacy and gives importance to advancing confidentiality in information handling and data protection.

We encourage all companies and organizations to check out the Data Privacy Act and secure how their data protection works.

You may check our website for more details on our solutions and services. Visit now!
