NPC 101: How to Register with the National Privacy Commission

As we live in a modern world, where everything you see is digital. Everyone needs to be up to date and must conform to the new rules and regulations of the world. And as everything now can be seen online, be it pictures, videos, music, anything, all can be looked up on the internet. That is why the rights of individuals over their personal data and enforcing the responsibilities of entities who process them are being acknowledged in the Data Privacy Act of 2012.

From then an independent body was created under RA No. 10173 or the Data Privacy Act of 2012 which is the National Privacy Commission or NPC. It is mandated to monitor and ensure compliance of the country with international standards set for data protection. The Commission safeguards the fundamental human right of every individual to privacy, particularly information privacy while ensuring the free flow of information for innovation, growth, and national development. One of its functions is to develop, promulgate, review, or amend rules and regulations for the effective implementation of the DPA (Data Privacy Act).

The Registration Process is where a PIC or PIP shall create an account by signing up on the NPC’s official registration platform (NPCRS) where it shall provide details about the entity.

Step 1. Account Creation

a. Access the National Privacy Commission Registration System (NPCRS) at https://npcregistration.privacy.gov.ph

b. Upon signing up, the PIC or PIP shall input the name and contact details of the Data Protection Officers (DPO) together with a unique and dedicated *email address, specific to the position of DPO.

The DPO email address should be unique per PIC/PIP. The email address and Philippine Cellphone Number provided will be treated as the official contact channels.

Step 2. Registration Proper

a. Login using credentials.

b. Select the Type of DPO/DPS Registration

– During registration proper, the PIC or PIP shall:

1) Encode the organizational details; name and contact details of the Head of the Organization or Head of the Agency.

2) Encode Data Processing System(s) details; all Data Processing Systems of the PIC or PIP at the time of initial registration.

3) Encode the details of Compliance Officer(s) for Privacy if applicable.

4) Upload the prescribed supporting documents as provided under Section 11, NPC Circular No. 22-04.

5) Click “Save Registration”

c. For Notarization

1) Export DPO Form (PDF Format) automatically created during DPS Registration.

2) Print and sign the downloaded form (both DPO and Head of the Organization or Agency).

3) Have the completely filled out form notarized.

4) Scan, upload, and submit notarized DPO Form.

NOTE: The submission of the PIC or PIP shall undergo review and validation by the Commission. In case of any deficiency, the PIC or PIP shall be informed of the same and shall be given five (5) days to submit the necessary requirements.

Step 3. Download the Certificate of Registration and NPC Seal of Registration

– Once the submissions have been validated and considered complete, the PIC or PIP shall be informed that the Certificate of Registration together with the NPC Seal of Registration is available for download.

An application for registration filed by a PIC or PIP must be duly notarized and be accompanied by the following documents:

A. For government agencies:

Special or Office Order, or any similar document, designating or appointing the DPO of the PIC or PIP;

B. For domestic private entities:

1. For Corporations:

a) A duly notarized Secretary’s Certificate authorizing the appointment or designation of DPO, or any other document demonstrating the validity of the appointment or designation of the DPO signed by the Head of the Organization with an accompanying valid document conferring authority to the Head of Organization to designate or appoint persons to positions in the organization.

b) Securities and Exchange Commission (SEC) Certificate of Registration.

c) Certified true copy of the latest General Information Sheet.

d) Valid business permit.

2. For One Person Corporation (OPC)

a) A duly notarized Secretary’s Certificate authorizing the appointment or designation of DPO, or any other document that demonstrates the validity of the

appointment or designation of DPO signed by the sole director of the One Person Corporation.

b) SEC Certificate of Registration

c) Valid business permit.

3. For Partnerships

a) A duly notarized Partnership Resolution or Special Power of Attorney authorizing the appointment or designation of DPO, or any other document that demonstrates the validity of the appointment or designation

b) SEC Certificate of Registration.

c) Valid business permit.

4. Sole Proprietorships:

a) A duly notarized document appointing the DPO and signed by the sole proprietor, in case the same should elect to appoint or designate another person as DPO.

b) DTI Certificate of Registration.

c) Valid business permit.

C. For foreign private entities:

1. Authenticated copy or Apostille of Secretary’s Certificate authorizing the appointment or designation of DPO, or any other document that demonstrates the appointment or designation, with an English translation thereof if in a language other than English.

2. Authenticated copy or Apostille of the following documents, with an English translation thereof if in a language other than English, where applicable:

a) Latest General Information Sheet or any similar document.

b) Registration Certificate (Corporation, Partnership, Sole Proprietorship) or any similar document.

c) Valid business permit or any similar document.