Philippine Data Protection Law

Republic of the Philippines
Department of Trade and Industry
DEPARTMENT ADMINISTRATIVE ORDER NO !!!!!!
Series of "##$
S%&'E(T) Prescribin* +uidelines for the Protection of Personal Data in Information
and (ommunications System in the Pri,ate Sector


Section 1. Declaration of Policy

1.1 Whereas, the State recognizes the vital role of information and communications technology in nation building,
as well as its own obligation to ensure network security, connectivity and neutrality of technology for the national
benefit;
1.2 Whereas, under the E!ommerce "aw #$.%. &o. '()2*, the +e,artment of -rade and .ndustry #+-.* shall direct
and su,ervise the ,romotion and develo,ment of electronic commerce in the /hili,,ines with relevant
government agencies, without ,re0udice to the ,rovisions of $e,ublic %ct (123 #!harter of 4angko Sentral ng
/ili,inas* and $e,ublic %ct '()1 #5eneral 4anking "aw of 2666*;
1.3 Whereas, the issuance of clear, trans,arent, ,redictable and enforceable rules to clarify and ensure the
,rotection of ,ersonal data in an information and communications system in the ,rivate sector will encourage
and ,romote the develo,ment of Electronic !ommerce in the /hili,,ines, enhance its com,etitiveness in the
new economy, ,rotect the consumer, and encourage efficiency and trans,arency in commercial transactions;
1.7 Whereas the ,rotection of users, in ,articular with regard to ,rivacy, confidentiality, anonymity and content
control shall be ,ursued through ,olicies driven by choice, individual em,owerment, and industryled solutions.
.t shall be in accordance with a,,licable laws. Sub0ect to such laws, business should make available to
consumers and, where a,,ro,riate, business users, the means to e8ercise choice to ,rivacy, confidentiality,
content control and, under a,,ro,riate circumstances, anonymity;
1.2 Whereas, rules and guidelines for the /rotection of /ersonal +ata in .nformation and !ommunications System
in the /rivate Sector that are technology neutral will hel, ensure continued ,rivate sector initiative and
innovation, and encourage consumer trust;
1.1 %nd finally, recognizing that where a,,ro,riate, marketdriven, contractual arrangements and codes of ,ractice
are better tools for ,rotection of ,ersonal data in an information and communications system, develo,ing user
confidence in electronic commerce.
1.( &ow, therefore, the following guidelines for the ,rotection of ,ersonal data in information and communications
system in the ,rivate sector #hereinafter referred to as the 95uidelines:* are hereby ,rescribed and ,romulgated
for the com,liance of all concerned.
Page 1 of 8
Section 2. Ob-ecti,e and Sphere of Application

2.1 -hese 95uidelines: are intended to encourage and ,rovide su,,ort to ,rivate entities to ado,t ,rivacy ,olicies
for the ,rotection of ,ersonal data in information and communications system in the ,rivate sector.
2.2 -he 95uidelines: ,rescribe the rules governing data ,rotection certifiers. %s business organizations, data
,rotection certifiers are encouraged to formulate, establish and im,lement uni;ue ty,es of certifications for each
industry sector with the view to su,,orting and ,romoting various ty,es of ,rivacy ,rograms.
2.3 -he 95uidelines: likewise a,,ly to the ,rocessing of all ty,es of ,ersonal data whether such data refers to any
natural or legal ,erson, and without regard to whether or not that ,ersonal data is of local origin or from foreign
countries.

Section 3. Definition of Terms

<or the ,ur,oses of these 95uidelines:, the following terms are defined, as follows=

3.1 Accreditation > -hird ,arty attestation by the +-. %ccreditation ?ffice related to a conformity assessment body
conveying formal demonstration of its com,etence to carry out s,ecific conformity assessment tasks.
3.2 Certification -hird ,arty attestation related to ,roducts, ,rocesses, systems, or ,ersons. -he grant thereof is
on a com,any level basis or on a ,er activity or ,rogram basis.
3.3 Consent of the data subject any freelygiven, s,ecific, and informed e8,ression of will whereby data sub0ects
agree to the ,rocessing of ,ersonal data relating to them.
3.4 Data controller a ,erson who #either alone or 0ointly or in common with other ,ersons* determines the
,ur,oses for which and the manner in which any ,ersonal data are, or are to be, ,rocessed.
3.5 Data processor #in relation to ,ersonal data* any ,erson #other than an em,loyee of the data controller* who
,rocesses the data on behalf of the data controller.
3.6 Data Protection Certifier (or “Certifier”) an inde,endent third ,arty duly accredited by the +-. %ccreditation
?ffice ,ursuant to these guidelines to certify the ,rivacy ,rogram of a "icensee !om,any and thereafter, to
monitor and oversee its im,lementation and enforcement. !ertifiers must have=
3.1.1 %de;uate knowledge and e8,ertise concerning the handling and ,rotection of ,ersonal information during
the course of business activities, and, the ability to ,ro,erly conduct business relating to setting ,rivacy
standards with such measures as certifying and checking web site ,rivacy and email ,olicies, scrutinizing
online and offline ,rivacy ,ractices, and resolving consumer ,rivacy ,roblems.
3.7 Data Subject the ,erson to whom ,ersonal data relates.
3.8 DTI Accreditation Office > the body officially designated by the +-. Secretary to govern the im,lementation of
these 95uidelines:.
3.9 Electronic docuent ! information or the re,resentation of information, data, figures, symbols or other modes of
written e8,ression, described or however re,resented, by which a right is established or an obligation
e8tinguished, or by which a fact may be ,roved and affirmed, which is received, recorded, transmitted, stored,
,rocessed, retrieved or ,roduced electronically.
3.10 Inforation and Counications S"ste > a system for generating, sending, receiving, storing or otherwise
,rocessing electronic data messages or electronic documents and includes the com,uter system or other
similar device by or in which data is recorded or stored and any ,rocedures related to the recording or storage
of electronic data message or electronic document.
Page 2 of 8
3.11 #icensee Copan" any data ,rocessor or data controller duly certified by the +-.accredited +ata /rotection
!ertifier as having a /rivacy /rogram com,liant with, and meeting the minimum standards ,rovided by these
5uidelines.
3.12 Person > any natural or 0uridical ,erson including, but not limited to, an individual, cor,oration, ,artnershi,, 0oint
venture, unincor,orated association, trust or other 0uridical entity, or any governmental authority.
3.13 Personal Data any information relating to an identified or identifiable natural ,erson.
3.14 Pri$ac" Pro%ra the ,olicy, ,rocedure, system, regulation, ,ractice, or ,rocess maintained, ado,ted and used
by a "icensee !om,any for the ,rotection of ,ersonal data.
3.15 Processin% ! any o,eration or set of o,erations which is ,erformed u,on ,ersonal data, whether or not by
automatic means.

Section 7. +eneral principles for the protection of personal data

7.1 /ersonal data must be=
4.1.1 !ollected for s,ecified and legitimate ,ur,oses determined before collecting ,ersonal data and are later
,rocessed in a way com,atible with those ,ur,oses;
4.1.2 /rocessed accurately, fairly and lawfully;
7.1.3 %ccurate, and, where necessary for the ,rocessing of ,ersonal data, ke,t u, to date; inaccurate or
incom,lete data must be rectified, su,,lemented, destroyed or their further ,rocessing must be restricted.
7.1.7 .dentical, ade;uate and not e8cessive in relation to the ,ur,oses for which they are collected and ,rocessed;
4.1.5 @e,t in a form, which ,ermits identification of data sub0ects for, no longer than is necessary for the ,ur,oses
for which the data were collected and ,rocessed.
4.2 !riteria for lawful ,rocessing of ,ersonal data. /ersonal data ,rocessing is ,ermitted only if not ,rescribed otherwise
by law, and at least one of the following conditions e8ists=
7.2.1 -he data sub0ect has given his or her unambiguous consent;
7.2.2 -he ,ersonal data ,rocessing results from contractual obligations of the data sub0ect;
7.2.3 -he data ,rocessing is necessary to a data controller for the ,erformance of his or her lawful obligations but
in such cases, the ,rocessing shall be ,ermitted only to fulfill the intention of the ,arties; or
7.2.7 -he data ,rocessing is necessary to ,rotect vitally im,ortant interests of the data sub0ect, including life and
health.

7.3 +isclosure of /ersonal +ata to +ata ,rocessor
4.3.1 % data controller may entrust ,ersonal data ,rocessing to a ,ersonal data ,rocessor ,rovided a written
contract is entered into between them;
7.3.2 % ,ersonal data ,rocessor may ,rocess ,ersonal data entrusted to him or her only within the sco,e
determined in the contract and in accordance with the ,ur,oses ,rovided for therein;
4.3.3 /rior to commencing ,ersonal data ,rocessing, a ,ersonal data ,rocessor shall ,erform safety measures
determined by the data controller for the ,rotection of the system in accordance with the re;uirements in this
95uidelines: and the E!ommerce "aw.
4.4 Storage of data /ersonal data may be stored and used only for as long as it is necessary to achieve the ,ur,ose
for which it was ,rocessed. Anless otherwise sti,ulated in acts on individual ty,es of ,ersonal data, ,ersonal data
shall either be deleted from a ,ersonal data or blocked once the ,ur,ose from the ,receding ,aragra,h has been
achieved.
4.5 $ights of the data sub0ect -he data sub0ect is entitled
7.2.1 -o be informed by any data controller whether ,ersonal data of which that individual is the data sub0ect are
being ,rocessed by or on behalf of that data controller.
7.2.1.1 .f that is the case, to be given by the data controller a descri,tion of=
7.2.1.1.1 -he ,ersonal data of which that individual is the data sub0ect,
7.2.1.1.2 -he ,ur,oses for which they are being or are to be ,rocessed, and
7.2.1.1.3 -he reci,ients or classes of reci,ients to whom they are or may be disclosed.
Page 3 of 8
7.2.2 -o be notified
7.2.2.1 -he information constituting any ,ersonal data of which that individual is the data sub0ect, and
7.2.2.2 %ny information available to the data controller as to the source of those data, and
7.2.2.3 Where the ,rocessing by automatic means of ,ersonal data of which that individual is the data
sub0ect for the ,ur,ose of evaluating matters relating to him such as, for e8am,le, his
,erformances at work, his creditworthiness, his reliability or his conduct, has constituted or is likely
to constitute the sole basis for any decision significantly affecting him, to be informed by the data
controller of the logic involved in that decisionmaking.
4.6 $ights to information % data sub0ect also has the right to re;uest the following information=
7.1.1 -he designation, or name and surname, and address of the data controller;
4.6.2 -he ,ur,ose, sco,e and method of the ,ersonal data ,rocessing;
7.1.3 -he date when the ,ersonal data concerning the data sub0ect was last rectified;
7.1.7 -he source from which the ,ersonal data were obtained unless the disclosure of such information is
,rohibited by law; and
7.1.2 -he ,rocessing methods utilized for the automated ,rocessing systems, concerning the a,,lication of which
individual automated decisions are taken.

7.( +ata sub0ectBs right of access to his or her ,ersonal data. % data sub0ect has the right, within a ,eriod of thirty
#36* days from the date of submission of the relevant re;uest, to receive from the data controller or data
,rocessor the information s,ecified in the ,receding Section in writing.

7.' +ata sub0ectBs right to re;uest rectification, destruction of his ,ersonal data or restriction of further ,rocessing of his
,ersonal data.
7.'.1 % data sub0ect has the right to re;uest that his or her ,ersonal data be su,,lemented or rectified, as well as
that their ,rocessing be sus,ended or that the data be destroyed if the ,ersonal data are incom,lete,
outdated, false, unlawfully obtained or are no longer necessary for the ,ur,oses for which they were
collected. .f the data sub0ect is able to substantiate that the ,ersonal data included in the ,ersonal data
,rocessing system are incom,lete, outdated, false, unlawfully obtained or no longer necessary for the
,ur,oses for which they were collected, the data controller has an obligation to rectify this inaccuracy or
violation without delay and notify third ,arties who have ,reviously received the ,rocessed data of such.
a* .f information has been retracted, a data controller shall ensure the accessibility of both the new and the
retracted information, and that the information mentioned is received simultaneously by reci,ients thereof.

7.) $ight to ob0ect. % data sub0ect has the right to ob0ect #in writing, orally or in any other form* to the ,rocessing of
his or her ,ersonal data if such will be used for commercial ,ur,oses.

Section 2. Voluntary Accreditation

% certification shall declare that the /rivacy /olicy em,loyed by "icensee !om,any and e8amined by a +ata /rotection
!ertifier duly accredited by the +e,artment of -rade and .ndustry #+-.* %ccreditation ?ffice, utilizes commercially a,,ro,riate
and internationally recognized standards. -he certification also covers the trustworthiness of the +ata /rotection !ertifierBs
,ractices.

2.1 $es,onsibilities %rising from %ccreditation
2.1.1 /ursuant to +e,artment %dministrative ?rder &o. 61, series of 2662, ,rescribing the rules governing the
voluntary accreditation of conformity assessment bodies, the +-. %ccreditation ?ffice shall accredit +ata
/rotection !ertifiers based on /hili,,ine &ational or .nternational Standards andCor guidelines.
2.1.1.1 $es,onsibilities of the +-. %ccreditation ?ffice
2.1.1.1.1 $eceive and ,rocess a,,lications for accreditation.
2.1.1.1.2 %s necessary, organize teams to undertake assessment of a,,licants for accreditation.
2.1.1.1.3 Daintain and ,ublish a registry of duly accredited bodies.
Page 4 of 8
2.1.1.1.7 .ssue certificate of accreditation to ;ualified a,,licant bodies based on established accreditation
criteria.
2.1.1.1.2 Sus,end or revoke accreditation of bodies that do not consistently com,ly with the terms and
conditions of accreditation.
2.1.1.1.1 Establish and u,date criteria for accreditation of +ata /rotection !ertifiers thru stakeholder
consultations.
2.1.1.1.( $eceive and investigate the com,laints against "icensee !om,anies and +ata /rotection
!ertifiers.
5.1.1.1.8 Daintain a list of all /hili,,ine+-. %ccreditation ?ffice "icensees of the accredited +ata
/rotection !ertifiers and ,ublicly disclose this list.
2.1.1.1.) $e;uire certifiers to ,rovide +-. %ccreditation ?ffice with additional information in the
a,,lication, such as=
• -y,es and levels of data ,rotection com,liance certification
• Evaluation ,rocedures of data ,rocessors
• "ist of all ,ersonnel certified to ,erform the necessary assessment to data
,rocessors.
2.1.1.2 $es,onsibilities of the %ccredited +ata /rotection !ertifier
2.1.1.2.1 .n addition to the res,onsibilities as stated in +%? 1, Series of 2662 #certified co,y attached
hereto* under the terms and conditions of the certificate of accreditation, the %ccredited +ata
/rotection !ertifier shall ,erform the following=
2.1.1.2.1.1 $e,ort to +-. %ccreditation ?ffice the name of "icensee !om,any within 3 days u,on
issuance of data ,rotection com,liance certification.
2.2 %ccreditation !riteria
2.2.1 -he a,,licant must be a registered /hili,,ine firm.
2.2.2 Shareholders and ,ersonnel of the registered /hili,,ine firm have never been convicted of any violation
under the E!ommerce "aw.
2.2.3 -he a,,licant must be recognized or licensed to ,rovide data ,rivacy or ,rotection com,liance certification by
an international organization or firm.
2.3 %,,lications and $enewal for %ccreditation
5.3.1. %ccreditation under this ?rder is voluntary. %,,lication shall be made in an official form which may be
secured from the +-. %ccreditation ?ffice.
2.3.1.1. Every a,,lication to be an accredited +ata /rotection !ertifier shall be made in such form and manner
as the +-. %ccreditation ?ffice may, from time to time determine, and shall be su,,orted by such
information as the +-. %ccreditation ?ffice may re;uire, such as, but not limited to, the following=
5.3.1.1.1. -y,es and levels of data ,rotection com,liance certification.
2.3.1.1.2. Evaluation ,rocedures of data ,rocessors.
2.3.1.1.3. $esumes of all ,ersonnel certified to ,erform the necessary assessment to data ,rocessors.
5.3.2. -he +-. %ccreditation ?ffice may re;uire a,,lications for renewal of accreditation in concurrence to the
validity of the +ata /rotection !ertifierBs license to issue com,liance certification to data ,rocessors.
5.3.3. % certificate of accreditation shall be sub0ect to such conditions, restrictions, and limitations as the +-.
%ccreditation ?ffice may, from time to time, determine.
2.7. &on$enewal of the %ccreditation of the +ata /rotection !ertifier
2.7.1. .f the +ata /rotection !ertifier has no intention to renew its accreditation certificate, it shall >
2.7.1.1. .nform +-. %ccreditation ?ffice in writing not later than three #3* months before the e8,iry of the
accreditation certificate;
2.7.1.2. .nform all its licensee com,anies in writing not later than si8 #1* months before the e8,iry of the
accreditation certificate, and
2.7.1.3. %dvertise such intention in a daily news,a,er and in a manner, as the +-. %ccreditation ?ffice may
determine, not later than two #2* months before the e8,iry of the accreditation certificate.
2.2. 5rounds for $efusal to 5rant or $enew the %ccreditation of a +ata /rotection !ertifier
2.2.1. +-. %ccreditation ?ffice shall refuse to grant or renew an accreditation certificate if=
Page 5 of 8
2.2.1.1. -he +ata /rotection !ertifier or its substantial shareholder or any trusted ,erson has been convicted,
whether in the /hili,,ines or elsewhere, of an offense which involved a finding that it or he acted
fraudulently or dishonestly, or has been convicted of an offense under the E!ommerce %ct or this
?rder;
2.2.1.2. -here are other circumstances, such as com,laints filed at the +-. %ccreditation ?ffice, which are likely
to reflect the im,ro,er conduct of business by, or discredit on the method of conducting the business of,
the a,,licant or its substantial shareholder or any of the trusted ,ersons.
2.1 $evocation or Sus,ension of the %ccreditation !ertificate
2.1.1 -he +-. %ccreditation ?ffice may sus,end the accreditation certificate for a ,eriod of thirty #36* days on any
of the following grounds=
2.1.1.1 .f the +ata /rotection !ertifier fails to carry on business for which it was accredited within three #3*
months from issuance thereof;
2.1.1.2 .f the +-. %ccreditation ?ffice, based on com,laints or lawsuits filed, has evidence to ,rove that the
+ata /rotection !ertifier or its shareholder or ,ersonnel has not ,erformed its duties efficiently,
honestly or fairly;
2.1.1.3 .f the +ata /rotection !ertifier fails to correct the noncom,liance within the sus,ension ,eriod of
thirty #36* days, the accreditation certificate shall be revoked.
2.1.1.7 .f the same noncom,liance occurs for the second time, the accreditation certificate shall be
revoked.
2.1.2 %n accreditation certificate is revoked if the +ata /rotection !ertifier is wound u,.
2.1.3 -he +-. %ccreditation ?ffice may also revoke the accreditation certificate of a +ata /rotection !ertifier at the
latterBs e8,ress and s,ecific re;uest.
2.1.7 -he +-. %ccreditation ?ffice shall not revoke or sus,end the accreditation certificate on the grounds ,rovided
above without first giving the +ata /rotection !ertifier an o,,ortunity to e8,lain and be heard.
2.( Effect of $evocation or Sus,ension of the %ccreditation !ertificates
5.7.1 <or the ,ur,oses of this ?rder, a +ata /rotection !ertifier, whose accreditation is revoked or sus,ended,
shall not be deemed accredited from the date that the +-. %ccreditation ?ffice revokes or sus,ends the
certificate, as the case may be.
2.(.2 -he revocation or sus,ension of an accreditation certificate of a +ata /rotection !ertifier shall not affect=
2.(.2.1 %ny agreement, transaction or arrangement entered into by the +ata /rotection !ertifier, whether
the agreement, transaction or arrangement was entered into before or after the revocation or
sus,ension of the accreditation certificate, or
5.7.2.2 %ny right, obligation or liability arising under any such agreement, transaction or arrangement.
2.' %,,eal against $efusal to issue the !ertificate of %ccreditation or $evocationCSus,ension of the !ertificate of
%ccreditation
Where
2.'.1 the +-. %ccreditation ?ffice refuses to grant or renew an accreditation certificate under Section 2.2, or
2.'.2 the +-. %ccreditation ?ffice revokes or sus,ends accreditation certificate under Section 2.1, or
5.8.3 any ,erson who feels aggrieved by the decision of the +-. %ccreditation ?ffice may, within fifteen #12* days
from recei,t of the written notice of the same, a,,eal to the Secretary of the DTI whose decision shall be
final.
5.8.4 .f an a,,eal is made against a decision made by the +-. %ccreditation ?ffice, the +-. %ccreditation ?ffice
may, if a,,ro,riate, defer the e8ecution of the decision, as the case may be, until a decision is made by the
Secretary of the DTI or until the a,,eal is withdrawn.
2.'.2 .n considering whether or not to defer the e8ecution of the decision, the +-. %ccreditation ?ffice shall
consider whether the deferment is ,re0udicial or not to the interests of any subscriber of the +ata /rotection
!ertifier or any other ,arty who may be adversely affected.
5.8.6 When an a,,eal is made to the Secretary of DTI, a co,y of the a,,eal shall be ,rovided to the +-.
%ccreditation ?ffice.
2.'.( 4efore filing the a,,eal, the a,,ellant may file a motion for reconsideration with the +-. %ccreditation ?ffice
within fifteen #12* days from recei,t of the written notice of the refusal to grant or renew the certificate of
accreditation, or of the revocationCsus,ension of the certificate of accreditation. -he ,endency of the said
motion shall sus,end the running of the 12day ,eriod to a,,eal.
Page 6 of 8
2.) !hange in Danagement or /ersonnel
2.).1 %n accredited +ata /rotection !ertifier shall inform the +-. %ccreditation ?ffice of any changes in the
a,,ointment of any ,erson as its director or chief e8ecutive, or of any ,erson to ,erform functions e;uivalent
to that of the chief e8ecutive, within 3 working days from the date of a,,ointment of that ,erson.
5.10 -he following fees shall be collected from the a,,licants and +-. %ccreditation ?ffice accredited certifiers=
2.16.1 %,,lication E %ssessment <ee
#.nitial E $enewal* / 12,666.66

Accreditation &ee
(Pa"able upon issuance of Ori%inal or 'ene(al / 26,666.66
Certificate of Accreditation)

2.16 -he +-. %ccreditation ?ffice shall not refund any fee ,aid if the a,,lication is not a,,roved, withdrawn or
discontinued or if the !ertificate is sus,ended or revoked.

Section 1. .a/ful Access to Personal Data in an Information and (ommunications System

%ccess to ,ersonal data in an information and communications system shall only be authorized in favor of the individual or
entity having a legal right to the ,ossession or the use of the file and solely for the authorized ,ur,oses. .t shall not be made
available to any ,erson or ,arty without the consent of the individual or entity in lawful ,ossession, or in the absence of court
order.

Section (. Obli*ation of (onfidentiality

E8ce,t for the ,ur,oses authorized under these 95uidelines:, any ,erson who obtained access to ,ersonal data in an
information and communications system ,ursuant to any ,ower conferred under the E!ommerce "aw, shall not convey to or
share the same with any other ,erson.
Section '. Security of Data
'.1 -he data controller and data ,rocessor must im,lement a,,ro,riate organizational and technical measures intended
for the ,rotection of ,ersonal data against any accidental or unlawful destruction, alteration, and disclosure as well as
against any other unlawful ,rocessing. -hese measures must ensure a level of security a,,ro,riate to the nature of
the data to be ,rotected and the risks re,resented by the ,rocessing and must be s,ecified in a written document or
its e;uivalent #data ,rocessing regulations a,,roved by the data controller, a contract concluded by the data
controller and the data ,rocessor etc.*.
8.2 -he data controller shall himself ,rocess ,ersonal data andCor shall authorize the data ,rocessor to do so. .f the data
controller authorizes the data ,rocessor to ,rocess ,ersonal data, heCshe must choose a ,rocessor ,roviding
guarantees in res,ect of ade;uate technical and organizational data ,rotection measures and ensuring com,liance
with those measures.
'.3 When authorizing the data ,rocessor to ,rocess ,ersonal data, the data controller shall sti,ulate that ,ersonal data
must be ,rocessed only on instructions from the data controller.
'.7 -he relations between the data controller and the data ,rocessor who is not the data controller shall be regulated by a
written contract e8ce,t where such relations are ,rovided for by laws or other legal acts.
8.5 -he em,loyees of the data controller, the data ,rocessor and their re,resentatives who are ,rocessing ,ersonal data
must kee, confidentiality of ,ersonal data if these ,ersonal data are not intended for ,ublic disclosure. -his obligation
shall continue even after their transfer to another ,osition or u,on termination of em,loyment or contractual relations.

Section ). Pri,acy (omplaints Mechanism
Page 7 of 8
).1 -he ,ur,ose of the section is to ,rovide a onesto, sho, for com,lainants, whether based here in the /hili,,ines
or situated abroad, to re,ort com,laints related to ,ersonal data ,rivacy violations under these guidelines. -he
+-. %ccreditation ?ffice shall establish a /rivacy !om,laints ?ffice and designate a /rivacy !om,laints officer.
-he /rivacy !om,laints ?ffice shall act as a central re,ository of com,laints related to any ,rivacy violations
committed by ,rivate entities under this 95uidelines:.
).2 Within three #3* days from recei,t of any com,laint, the +-. %ccreditation ?ffice shall forward the com,laint to the
relevant government agencyCies concerned. -he +-. %ccreditation ?ffice /rivacy !om,laints ?ffice shall also
,rovide assistance to com,lainants to enable them to file their com,laints before the ,ro,er venue.

Section 16. Separability (lause

.n the event that any of the ,rovision of this ?rder is declared invalid or unconstitutional, all the ,rovisions not affected shall
remain valid and in effect.

Section 11. Effecti,ity

-his ?rder shall take effect after fifteen #12* days following the ,ublication of its full te8t in one #1* news,a,er of general
circulation or in the ?fficial 5azette. .t shall also be ,ublished in the +-. website.
Page 8 of 8