NPC Compliance & Data Privacy Act:

Achieve Full Compliance with the Philippine Data Privacy Act & NPC Requirements

The Data Privacy Act of 2012 (RA 10173) governs the protection of personal data in the Philippines. The NPC has issued critical circulars that organizations must comply with:​

• NPC Circular 2023-06: Updated minimum security requirements for personal data in government and private sector. Requires Privacy Impact Assessments (PIAs) for every processing system, a control framework for data protection, and privacy-by-design implementation. The compliance deadline was 30 March 2025.
• NPC Advisory 2017-01: Mandates designation of a Data Protection Officer (DPO) with specialized knowledge.​
• 72-hour breach notification: Organizations must notify affected individuals and the NPC within 72 hours of discovering a personal data breach.
• NPC Registration: Required for organizations with 250+ employees, processing sensitive personal information of 1,000+ individuals, or processing data posing risk to data subjects.

Gardoce Services:

• DPA compliance assessment and readiness review
• Privacy Impact Assessment (PIA) execution
• Data Protection Officer (DPO) as-a-service or DPO advisory
• Privacy Manual development
• NPC registration assistance
• Data breach response plan development
• Third-party/vendor privacy compliance review
• NPC Circular 2023-06 security control implementation
• Philippine Privacy Mark (PPM) readiness program