The National Privacy Commission (NPC) on Friday launched an online portal to register data processing systems, giving government and private organizations a virtual and more convenient way of complying with regulations.
The privacy commission said the NPC Registration System (NPCRS) provides a secure and seamless means to register with them, thereby delivering services in a more effective and efficient manner.
The NPC cited a number of benefits, including the ease of monitoring requests and approval of registration applications.
NPCRS also provides a secure portal for the registration monitoring unit to access registration data while allowing real-time visibility in validating documentary requirements.
The privacy commission also touted that it would give accurate collection of sectors and subsectors information, accurate verification of active and inactive registration, efficient retrieval of contact details of the data protection officer.
It was also seen to provide an easy way of generating documents including, among others, the certificate of registration and statistical reports on registered entities.
“The call for digitalization of government services by the current administration triggered the launching of the NPCRS this February, and the data breach notification management system last April 2022,” Privacy Commissioner John Henry Naga said in a statement.
“Through the NPCRS, the data processing activities of [personal information controllers and processors] will be effectively and efficiently monitored,” he said, adding that it would also ensure compliance with the Data Privacy Act of 2012.
Rainier Anthony Milanes, chief of the NPC’s compliance and monitoring division, said the new circular on registration aimed to address issues such as having multiple data protection officers.
It is also seen to provide data subjects the needed assurance that entities processing their personal data have completed the first level of data privacy act compliance, Millanes said.
Under NPC regulations, data processing systems must be registered by entities that control or process personal information, employ 250 or more persons, as well as those processing sensitive personal information of 1,000 or more individuals.