What is DPA?

Section 3 of Republic Act No. 10173, also known as Data Privacy Act of 2012 (DPA)

It is set to provide the policy of the State to protect the fundamental human right of Privacy of communication while ensuring free flow of information to promote innovation and growth.

Section 16 of the DPA and Section 34 of its Implementing Rules and Regulations (IRR) provide that data subjects shall be
furnished with and given access to their personal data that are being processed in data processing systems, as well as the purpose, scope, method, and manner of such processing,
including the existence of automated decision-making.


DPA is an act protecting Individual Personal Information in information and communications systems in the government and private sector, creating for this purpose the National Privacy Commission (NPC).

Why is DPA important?

Three ways data is being monetized
  • Create new efficiencies
  • Create new services/products
  • Create new market
Data can be captured from the following:
  • Applicants/Visitors
  • Clients/Customers/Prospects
  • Suppliers
  • Employees
  • Family Beneficiaries
Instead of asking “Why is data important?”, ask “What will happen if data is breached?”
  • Trust will be broken
  • Rights of data subjects were violated
Possible consequences
  •  Discontinue of Agreement
  • Termination of Contract
  • Word of mouth – Reputation will be tarnished
  • Complaints – cases to be addressed
  • Loss of Trust
  • Loss of Business

Data Privacy Manual