On 3 February 2023, the National Privacy Commission ("NPC") launched the NPC Registration System ("NPCRS"). The NPCRS is an online portal for registration with NPC of the data processing systems ("DPS") of both the government and the private sector.
The NPCRS is intended to ease compliance with Republic Act No. 10173 or the Data Privacy Act ("DPA") by allowing both the government and private organisations, considered as Personal Information Controllers ("PIC") and Personal Information Processors ("PIP") under the DPA, to register their respective DPS digitally.
A PIC or PIP that employs at least 250 persons, processes sensitive information of at least 1,000 individuals, or processes data likely to pose a risk to the rights and freedoms of data subjects shall register its newly implemented DPS or inaugural Data Protection Officer ("DPO") through the NPCRS within 20 days from the commencement of such DPS or from the effective date of the appointment of its inaugural DPO.
A PIC or a PIP that processes personal or sensitive personal information involving automated decision-making or profiling must also register its DPS. Other entities may register their DPS voluntarily.
Upon registration, NPC shall issue a Seal of Registration simultaneously with the Certificate of Registration. The Seal of Registration and the Certificate of Registration shall be valid for one year from its issuance. The Seal of Registration must be displayed at the main entrance of the place of business, office, or at the most conspicuous place to ensure visibility to all data subjects.
