The National Privacy Commission (NPC) launched its online registration system NPC Registration System (NPCRS), providing secure and seamless portal for both government and private organizations to register their data processing systems with the commission.
NPCRS is the latest system developed and implemented by the NPC to deliver services in a more effective and efficient manner.
“The call for digitalization of government services by the current administration triggered the launching of the NPCRS this February, and the Data Breach Notification Management System (DBNMS) last April 2022. The finalization of the Circular on Registration was simultaneous with the development of the National Privacy Commission Registration System,” Privacy Commissioner Atty. John Henry Naga said in a statement Friday, Jan. 3.
Naga said that the implementation of the NPCRS shall provide benefits to the Commission and its stakeholders.
Specifically, the new system improves the ease of monitoring requests/approval of registration applications by NPC. It is also a secure portal for the registration monitoring unit to access registration data using role- based access control and provides real-time visibility in the validation of documentary requirements; accurate collection of sectors and subsectors information.
In addition, accurate verification of active/inactive registration can easily be done through the system; efficient retrieval of contact details of the Data Protection Officer (DPO); and easy generation of documents (e.g. Certificate of Registration, statistical reports on registered entities (daily, monthly, yearly).
With the NPCRS, personal information controllers (PICs) and processors (PIPs), through their Data Protection Officers (DPOs), are allowed to comply with the registration requirements provided in the Data Privacy Act (DPA) of 2012 and its Implementing Rules and Regulations (IRR).
According to Commissioner Naga, information on Data Processing Systems owned by PICs and PIPs allows the NPC to a more efficient compliance monitoring process. “Through the NPCRS, the data processing activities of PICs and PIPs will be effectively and efficiently monitored. Through this system, compliance with the Data Privacy Act of 2012 will be ensured and our endeavor to protect the personal data of every Juan and Juana will be fortified,” said Naga.
Atty. Rainier Anthony Milanes, chief of the NPC’s compliance and monitoring division, explained that the new circular on registration aims to address the issues encountered in implementing the old circular such as common or multiple DPOs.
“It also provides new regulations such as the requirement to display the NPC Seal of Registration which will provide data subjects the needed assurance that entities processing their personal data have completed the first level of DPA compliance,” Milanes added.
The NPC Seal of Registration will be issued simultaneously with the Certificate of Registration.
Section 5 of NPC Circular No. 2022-04 provides for the mandatory registration of a PIC or PIP that employs 250 or more persons, or those processing sensitive personal information of 1,000 or more individuals, or those processing data that will likely pose a risk to the rights and freedoms of data subjects, to register all Data Processing Systems.
Milanes stated that adherence to the data privacy principles of transparency, legitimate purpose, and proportionality were one of the cornerstones in developing the NPCRS.
“The registration system was developed using Privacy by Design and Development, Security, and Operations (DevSecOps). Privacy Impact Assessments were conducted during planning, before implementing changes concerning personal data processing, and before the system goes live,” he explained.
The development of NPCRS is parallel with the finalization of NPC Circular No. 2022-04 published last December 27, 2022. The Circular on the Registration of Personal Data Processing System, Notification Regarding Automated Decision-Making or Profiling, Designation of Data Protection Officer, and the National Privacy Commission Seal of Registration became effective on January 11, 2023.