Employee Data Privacy

Republic of the Philippines - Data Protection Officer

 Download as a PDF

What is, and which organizations have to appoint a DPO?


A Data Protection Officer (DPO) is a person in charge of verifying the compliance of personal data processing with the applicable law. The DPO communicates information on processing personal data such as its purposes, interconnections, types, categories of data subjects, length of retention and department(s) in charge of implementing processing. DPOs may be required by law or recommended.


Employers (and other information controllers and processors) must designate a DPO who is accountable for compliance with the Data Privacy Act and associated rules and regulations relating to privacy and data protection. The DPO’s responsibilities include:

  • monitoring compliance with the DPA and its implementing rules and related regulations;
  • ensuring the conduct of Privacy Impact Assessments;
  • advising the employer regarding complaints and/or the exercise by data subjects of their rights;
  • ensuring proper data breach and security incident management;
  • cultivating awareness on privacy and data protection;
  • advocating for the development, review and revision of data privacy guidelines; and,
  • serving as the employer’s contact person.

Note that with the National Privacy Commission’s approval, a group of related companies can appoint/designate a DPO to be primarily accountable for ensuring data protection compliance across the entire group. In this case, each company would still need to have a Compliance Officer for Privacy (COP).

A DPO or COP’s contact details must be accessible to concerned parties and must be published on the company’s website and included in privacy notices, privacy policies and privacy guides. The contact details should include the title/designation, postal address, dedicated phone number, and dedicated email address. The individual’s name does not need to be published, but should be available if requested (NPC Advisory No. 2017-01 – Designation of Data Protection Officers).


UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk