THE European Innovation, Technology and Science Center (EITSC) is set to provide programs and solutions that will allow all Philippine Economic Zone Authority (Peza) locators nationwide to be data-privacy compliant.
In a memorandum of agreement (MOA), the EITSC is set to conduct trainings and workshops with companies inside the economic zones that will allow them to be compliant with Republic Act, 10173, or the Data Privacy Act, under the Peza Data Protection Program.
“Peza locators can set the example for other companies in the Philippines in terms of data protection, data security, cybersecurity and cyber crime. We need to be internationally compliant especially now with the European Union’s [EU] General Data Protection Regulation set to be enforced on May 25,” EITSC President Henry Schumacher said.
Under the law, a company should have an appointed data-protection officer, conducts privacy-impact assessment, create privacy knowledge management program, implement privacy and data-protection policy, and exercise breach reporting procedure.
Meanwhile, the European Commission has the power to determine whether a country outside of the EU is compliant with its General Data Protection Program (GDPR).
In Asia only Japan and South Korea are in adequacy talks with the European Union.
For her part, Peza Director General Charito Plaza said they fully appreciate the EITSC partnering with the economy zone authority to have all their locators compliant.
“We are mandating all companies to be compliant with the Data Privacy Act and with international protocols, as it will be a source of competitiveness for them,” Plaza said.
Both the EITSC and Peza have agreed to start the program next month in Cavite, the country’s largest economic zone with 350 locators and employing over 89,000 workers.
The economic zone has Japanese, Korean, American and European companies that are mostly involved in the electronics, garments and plastic industries.
Under the MOA, both the Peza and EITSC will jointly come out with measures to ensure data-privacy protection and cyber-security measures among locators and for them to fully comply with data security regulations and implement the required compliance process.
The EITSC will also provide solutions that will enable locators to assess their risks and processes, introduce controls and policies, and give them the capacity to respond to incidents of data breaches.
Offenses under the Data Privacy Act are punishable by up to seven years imprisonment and up to P7 million in fines depending on the nature and degree of violation, while the EU can set a maximum penalty of €20 Million for noncompliance of its GDPR.