Role of Data Protection Officer PDF
Document Details
Uploaded by IdyllicRhythm
2023
Tags
Summary
This document details the role of a Data Protection Officer (DPO) in the Philippines, emphasizing compliance with data privacy laws. It outlines the DPO's duties and responsibilities for different organizational scenarios as well as necessary support for the DPO.
Full Transcript
ROLE OF DATA PROTECTION OFFICER Guardians of Privacy: Unraveling the DPO’s Vital Role NPC_DIT_PPT-V2.0, R0.0, 01 September 2023 What is a Data Protection Officer (DPO)? Guardians of Privacy: Unraveling the DPO’s Vital Role DATA PROTECTION OFFICER (DPO...
ROLE OF DATA PROTECTION OFFICER Guardians of Privacy: Unraveling the DPO’s Vital Role NPC_DIT_PPT-V2.0, R0.0, 01 September 2023 What is a Data Protection Officer (DPO)? Guardians of Privacy: Unraveling the DPO’s Vital Role DATA PROTECTION OFFICER (DPO) is a designated individual within an organization responsible for overseeing and ensuring compliance with data privacy laws and regulations. Guardians of Privacy: Unraveling the DPO’s Vital Role WHY APPOINT A DPO? PIP & PIC are required to appoint or designation a Data Protection Officer or Compliance Officer. DPOs will be accountable for ensuring compliance laws and regulations relating to data privacy. Guardians of Privacy: Unraveling the DPO’s Vital Role COMPLIANCE OFFICER FOR PRIVACY (COP) An individual or individuals who performs some functions of a DPO in particular cases. The minimum qualifications for a COP shall be proportionate to his or her functions, as provided in NPC Advisory 2017-01. Guardians of Privacy: Unraveling the DPO’s Vital Role COP for LGU’s Aside from having a DPO, a component city, municipality, or barangay can designate a COP, as long as the COP shall be under the supervision of the DPO. Example: A DPO in Highly Urbanized City (HUC) and a COP in each barangay under its jurisdiction. Guardians of Privacy: Unraveling the DPO’s Vital Role QUALIFICATIONS OF A DPO/COP Guardians of Privacy: Unraveling the DPO’s Vital Role Duties and Responsibilities of A DPO/COP Guardians of Privacy: Unraveling the DPO’s Vital Role DUTIES & RESPONSIBILITIES Monitor the PIC’s or PIP’s compliance with the DPA,, its IRR, issuances by the NPC and other applicable laws and policies. For this purpose he/she may: a) Collect Information b) Analyze and check the compliance c) Inform, advise, and issue recommendations to the PIC or PIP; d) Ascertain renewal of accreditations or certifications e) Advice the PIC or PIP as regards the necessity of executing a Data Sharing Agreement. Guardians of Privacy: Unraveling the DPO’s Vital Role Ensure the conduct of Privacy Impact Assessments relative to activities, measures, projects, programs, or systems of the PIC or PIP; Advise the PIC or PIP regarding complaints and/or the exercise by data subjects of their rights Ensure proper data breach and security incident management by the PIC/PIP, including the latter’s preparation & submission to the NPC of reports and other documentation concerning security incidents or data breaches within the prescribe period; Guardians of Privacy: Unraveling the DPO’s Vital Role DUTIES & RESPONSIBILITIES Inform and cultivate awareness on privacy and data protection within the organization of the PIC/PIP, including all relevant laws, rules and regulations and issuances of the NPC; Advocate for the development, review and/or revision of policies, guidelines, projects and/or programs of the PIC/PIP relating to privacy and data protection, by adopting a privacy by design approach; Guardians of Privacy: Unraveling the DPO’s Vital Role DUTIES & RESPONSIBILITIES Serves as the contact person of the PIC/PIP vis-à-vis data subjects, the NPC and other authorities in all matters concerning data privacy or security issues or concerns and the PIC or PIP; Cooperate, coordinate and seek advice of the NPC regarding matters concerning data privacy and security; and Guardians of Privacy: Unraveling the DPO’s Vital Role DUTIES & RESPONSIBILITIES Except for items 1 & 3 a COP shall perform all other functions of a DPO. Where appropriate, he or she shall also assist the supervising DPO in the performance of the latter’s function Guardians of Privacy: Unraveling the DPO’s Vital Role SUBCONTRACTING THE FUNCTION OF DPO/COP Outsourcing or subcontracting is allowed DPO or COP must oversee the performance of the third-party service provider. DPO or COP shall remain the contact person Guardians of Privacy: Unraveling the DPO’s Vital Role SUPPORTING THE DATA PROTECTION OFFICER Guardians of Privacy: Unraveling the DPO’s Vital Role PROCESS OWNERS Own/maintain their respective privacy impact assessments Consult on strategic projects involving the use of personal data (“privacy by design”) Conduct breach drill regularly – test each privacy impact at least once a year Guardians of Privacy: Unraveling the DPO’s Vital Role HUMAN RESOURCE Roll-out training on privacy and data protection Issue security clearance to staff processing personal data (such clearance to be made contingent on passing the privacy training). DPO must have access to all security clearances issued. Implement the recommended organizational controls Guardians of Privacy: Unraveling the DPO’s Vital Role LEGAL DIVISION Ensure that all PIP/service provider contracts, job orders, etc. are compliant. For example, all PIPs must have their own DPO Ensure that all external sharing of data meets the required guidelines of the NPC Guardians of Privacy: Unraveling the DPO’s Vital Role TOP MANAGEMENT Budget support for security controls (technical, organization, physical), for compliance tools and technology, for informational and training activities, for consultant, external auditors, advisers. Incorporating compliance into the performance bonus parameters of those concerned, especially for those handling personal data. Drive the message throughout the organization Drive the urgency Guardians of Privacy: Unraveling the DPO’s Vital Role OTHER SUPPORT TEAMS IT to implement the recommended technical controls Security to implement the recommended physical controls Internal audit to test internally for compliance Guardians of Privacy: Unraveling the DPO’s Vital Role