Top 5 Things you should know about the DPA

STILL not sure how the Data Privacy Act (DPA) applies to your business? This list contains the essentials about the Philippine data-privacy regulations that you have to comply with, whether you like it or not.

Companies have been preparing for it for a while but, if you’re still in the dark, it’s not too late to get up to speed before the National Privacy Commission (NPC) catches you.

Here are five things to know about the Data Privacy Act:

1. It’s about data privacy


It attempts to give Philippine citizens more control over what data companies collect, store, and use.

2. It definitely applies to your business

The DPA applies to every citizen of the Philippines and any business entity that transacts with them. Sell a t-shirt to a Frenchman? You need to deal with the European Union’s General Data Protection Regulations GDPR also.

3. It’s pretty much any kind of data

Anything related to a person that can be used directly, or indirectly, to identify them is now regulated. And this is not limited to your employees; it involves your clients, your stakeholders, your mailing list, etc.

4. You have to get explicit permission to process personal data, and your request must be in clear language

You can’t use long legal documents or hide things in a privacy policy. And it has to be as easy to withdraw consent as it was to give it.

5. Penalties are big

If an enterprise violates the practices of the DPA, it can be fined up to P5 million and jail terms for the executive of up to seven years.

Those are the big things, but there are loads of other considerations like the right to be forgotten, data portability and more. Hopefully these help get you wrap your head around the issue.

When you’re ready for more, we at EITSC have a comprehensive guide to the topic and are running workshops to get you up to speed.

With the Philippines building its future business on big data, let’s clearly understand….

Why big data is a big privacy issue

Big data analytics has the power to provide insights about people that are far and above what they know about themselves. And, with great power there must also come—great responsibility. Such is the responsibility of the oracle—thus, oracular responsibility. In fairness, this problem existed before big data, but it wasn’t a huge risk until big data analytics gave us the tools and techniques to be highly accurate with our predictions.


Your social security number is probably sitting in multiple databases out there and if one of those databases is breached, you have a huge problem.

When you realize that others are looking into understanding your user-behaviors, this is going to freak you out even more. It gets worse. Imagine, they are start connecting the dots from different areas of your life—your interests, shopping habits, political views, religious views, associates, professional development.

The most sophisticated practitioners of big data analytics go all the way up the pyramid to wisdom, where this knowledge (about you) is tracked over time and curated into a very personal profile. Breach or not, most people would feel very uncomfortable knowing that someone or something knows that much about them.

I consider this the biggest privacy issue faced by those practicing the dark arts of big data analytics.

I am looking forward to your comments—e-mail me at [email protected]

Image Credits: NikolayaNtoNoV |

Turning Points 2018
Suntrust banner2