The National Privacy Commission (NPC) is set to conduct the DPO COMPLex “experiential” compliance workshop for government data protection officers (DPOs) on November 13 to 14 at the Luxent Hotel in Quezon City. This following a marked improvement in this year’s DPO registration figures for the sector.
State universities and colleges (SUCs) saw the biggest jump in the number of registered entities compared to last year, jumping to 87%. National government agencies (NGAs) is next at 73%, followed closely by government-owned and controlled corporations (GOCCs) at 72%, while local government units (LGUs) are at 39%.
In November 2018, registration in the NPC of SUCs was only at 6%, NGAs at 5%, GOCCs at 17%, while LGUs was at 12%.
The surge in numbers is attributed to the NPC’s enhanced compliance program launched beginning January this year, which consisted of intensified privacy sweeps geared towards government institutions as well as compliance awareness campaigns, including the 1st Digital Data Governance for the Public Sector Conference held alongside other events during the Privacy Awareness Week last May.
“As one of the biggest repositories of personal data in the country, it is only imperative that the government fully complies and sets the tenor for all other sectors. Compliance begins once an organization’s Data Protection Officer registers with the NPC. It’s not the be-all, end-all of compliance but it’s the crucial start. It is an indication of accountability and the willingness to cooperate with the Commission. Compliance itself, however, is a journey and takes some time to perfect. We understand that, so, we provide extensive knowledge support to those who are eager to comply,” Liboro said.
The two-day DPO COMPLex is the result of focused group discussions with DPOs from various government offices who discussed with the NPC the challenges they face at work when instituting compliance-related measures and activities.
Day-one (November 13) will be for DPOs in NGAs and LGUs while day-two (November 14) will be for GOCCs and SUCs. It features simulation modules to equip participants with first-hand privacy compliance experience on Data Mapping, Privacy Impact Assessment, Criteria for Lawful Processing, Security Measures, and Breach Management.
By the end of the “experiential” workshop, participants are expected to be better equipped on how to prepare and maintain records of processing activities of their agencies and create multi-layered privacy notices, as well as perform a privacy impact assessment in accordance with NPC Advisory 17-03.
Participating government DPOs are also expected to hone their skills at identifying the appropriate criteria or legal basis for their agency’s personal data processing activities; employing security measures required under NPC Circular 16-01 on security of personal data in government agencies; as well as preparing and implementing data sharing agreements in accordance with NPC Circular 16-02, when applicable.
Lastly, participants are also expected to gain a better understanding of how to establish personal data breach management procedures for their respective agencies in accordance with NPC Circular 16-03.
Due to the limited slots available, the DPO COMPLex is strictly by-invitation-only to registered government DPOs. Event registrants are to be accommodated on a first-come, first-served basis.