The world now relies on data more than ever but still view it as something not-so-significant. Just recently Google confirmed that emails sent and received via Gmail can be read by third-party app developers and Facebook got breached of its 87 million records by a political data firm. With how flimsy we treat today’s greatest resource, it is never too far to materialize the projected 1.745 trillion USD damages for Asia Pacific alone by Frost & Sullivan.
Our standards in handling, accessing, and sharing big data down to the very minute pools of personal information shouldn’t be neglected and should evolve with how fast data is acquired, shared, and accessed – thus legislating Data Privacy Act of 2012 (DPA) for the Philippines and General Data Protection Regulation (GDPR) for the European Union came to play.
Data Privacy Act of 2012 (RA 10173)
The DPA is Philippines’ first comprehensive data protection law, seeks to protect, and secure personal information collected by the government and private sector.
Regardless of the industry, it is just right to take in mind and observe the compliance to this data protection law. This is not just to safeguard your data as an organization but also to secure your processes in handling, gathering, and processing data from your partners and clients.
Principles:
- Transparency – Any information and communication relating to processing of personal information should be easy to access, understand and has clarity.
- Legitimate Purpose – The processing of personal data shall be compatible with a declared and cleared purpose, which must not be contrary to law, morals, or public policy
- Proportionality – Personal data shall be processed only if the purpose of the processing could not reasonably be fulfilled by other means.
Every time you use a service, register on social media account, buy a product online, pay your bills, go to your dentist, rent an apartment, or enter into any contract or service request, personal information is required to access certain products or services.
General Data Protection Regulation (GDPR)
Just like DPA, General Data Protection Regulation is a law that sets the standard for data security, primarily for data that is owned by the European union and processed in and out of EU.
Steps to GDPR compliance:
- Map how data is processed and managed inside your organization.
- Update your privacy policy by concisely stating the legal basis for data processing, their rights, the data retention period, and the use of their data in your organization—taking GDPR as the bearing.
- Educate employees, partners, and clients of this change as per Article 13 of GDPR.
- Update consents for opt-in forms, cookies, and other platforms you use online to gather personal data. Let these a consent pop-ups or reminder windows be visible whenever data a user is about to provide their personal information.
- Assign a Data Protection Officer for regular data processing audits for your company.
DPA and GDPR Comparison
Though both are encompassing data-centric legislation, they still both have salient differences from each other.
| DPA | GDPR | |
| Geographical and demographic scope |
|
|
| Data rights for deceased/incapable data owners | Provides “transmissibility of rights” to rightful heirs and assigns to invoke the rights of a deceased or incapacitated data subject. | Provides sole liability of the data to its owner without the rights to transfer ownership |
| Age scope for data processing consent | Assumes to cover the country’s majority population age, 18, as mentioned in Republic Act 6809 | Parental consent for data subjects that are below 16 years old |
| Assignment of Data Privacy Officer (DPO) |
|
Only required for data processors who are in the European Union for business and/or monitoring purposes. |
| Standards for data verification | DPA honors sectorial certification regulations, such as the regulation imposed by BSP among banks and financial institutions and the like | GDPR uses the standard set by the European Standard Seal |
| Sanctions | Mentions fines up to 5 million PHP and imprisonment up to 7 years | Specifies fines up to 20 million EUR or 4% of the previous year’s turnover of the offender |
To help companies and organizations start their DPA compliance initiatives, we made available online tools, resources, and technologies like Azure, O365, and Enadoc:
- Azure – Private cloud computing platform for Enterprise that comes into three pillars: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). This comes along with 600+ services.
- Office 365 – Business email and collaboration suite that empowers office productivity, turnaround rates, and data management and security.
- Enadoc – an innovative, cloud-based enterprise document imaging system.
With these tools to assist you create, manage, and share data across your organization, complying to DPA and GDPR should be a breeze.
Digital transformation is a modern phenomenon we all have been experiencing. With the advent of its benefits to global industries, expected are data mishaps and crimes that DPA and GDPR prevent to happen. Stay aware and be compliant with Tech One Global.
Tech One puts data privacy at the high priority and giving an importance to the advancement of maintaining confidentiality in information handling and data protection.
We encourage all companies and organization to check out the Data Privacy Act and secure the safety of how their data protection works.
You may check our website for more details of our solution and services. Visit now!
