European IT group pushing firms to meet data privacy deadline

A European foundation is raising the alarm on companies that have yet to comply with the country’s data privacy law ahead of the March 8 deadline set by the National Privacy Commission (NPC).

European Innovation, Technology, and Science Center (EITSC) president Henry Schumacher said that everyone has the right to reasonable access on how personal data is being processed by information controllers and processors.

“We have all the rights to dispute the inaccuracies or errors in the personal data and to request the suspension, withdrawal, blocking removal and destruction of personal data. We also have the right to complain for any damages brought by inaccurate, incomplete, outdated, unlawfully obtained, or unauthorized use of personal data,” Schumacher said.

The EITSC late last year partnered with the NPC to run a series of data privacy workshops for companies to raise awareness about Republic Act No. 10173 or more commonly known as the Data Privacy Act and provide a clear roadmap for its implementation.

Schumacher said that since the holding of the workshops, more than 100 companies appear to be non-compliant. He expects those that participated will meet the deadline next week.

In 2012, Republic Act No. 10173 was signed with the goal of protecting personal data in information and communication systems in the government and the private sector in accordance to the fundamental human right of privacy.

The Data Privacy Act requires companies with at least 250 employees or has access to personal data of at least 1,000 people to have a data protection officer and register their data processing systems with the NPC.

Under the law, a company should have an appointed data protection officer (DPO), conducts privacy impact assessment, create privacy knowledge management program, implement privacy and data protection policy, and exercise breach reporting procedure.

Offenses under the Data Privacy Act are punishable by up to seven years imprisonment and up to P7 million in fines depending on the nature and degree of violation.

Schumacher said it is imperative to strengthen the country’s enforcement of its data protection laws and strive to be of equal footing as other countries and regions in the world.

“We need to be at par internationally. Companies with operations in the Philippines are already using huge amounts of data in business process management, and knowledge process management. Data and information should be protected at the highest level,” he said.

Schumacher said the problem lies in awareness for some companies in best practices in data safekeeping. He cited Western European countries that have placed heavy regulation and enforcement with regard to their data safekeeping and processing as the models the country could follow.

Currently, in Asia, only South Korea and Hong Kong ranked heavy in data protection laws while China, Japan, and Singapore are shown to have robust standards. Philippines, along with Indonesia and Thailand showed limited data security laws.

The EITSC said it will continue its information drive to ensure that companies across industries are complying with the Data Privacy Act.

Comment on this post