Does HR data processing require registration under data protection laws?
Data protection laws sometimes include conformity assessments, which help to ensure businesses follow regulations. Requirements can include registration before the Data Protection Authority and random audits.
In the Philippines, Personal Information Processors and Personal Information Controllers (employers) must register with the National Privacy Commission if they are processing personal data and operating in the country under any of the following conditions:
- they employ at least 25 employees;
- the processing includes sensitive personal information of at least 1,000 individuals;
- the processing is likely to pose a risk to the rights and freedoms of data subjects;
- processing is not occasional.
When registering, employers will need to include:
- the name and address of the employer (personal information controller) or personal information processor, and contact information for any representatives;
- the reason for the processing and whether any processing is being completed by a subcontractor;
- a description of the categories of data subjects and the categories of data being processed about them;
- the data recipients or categories of recipients;
- proposed international data transfers;
- description of privacy and security measures that are being followed to protect the data;
- short description of the data processing system;
- copy of data policies, including data privacy, information security and data governance;
- attestation of certifications relating to data processing; and, the
- name and contact information for the compliance/data protection officer.
Employers can register via the National Privacy Commission data registration page:
HR Best Practices: Employers should register with the National Privacy Commission prior to processing employee data. In the event that the Data Protection Officer within your organization changes, make sure to proactively notify the Commission with the new contact’s details.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.