Data Protection Privacy Notice Template for the Philippines

What is a Data Protection Privacy Notice?

The Data Protection Privacy Notice is a mandatory document under the Philippines Data Privacy Act of 2012 (RA 10173) for organizations that collect and process personal information. It must be provided to data subjects before or at the time of data collection and serves as a primary mechanism for transparency in data processing activities. The notice should be written in clear, simple language and must include specific information required by law, such as the purposes of processing, data subject rights, and security measures implemented. This document is particularly crucial in the Philippine context, where data privacy regulations are strictly enforced by the National Privacy Commission, and violations can result in significant penalties. Organizations should regularly review and update their privacy notice to reflect changes in their data processing activities or regulatory requirements.

Frequently Asked Questions

Is a Data Protection Privacy Notice legally required in the Philippines?

Yes, under the Philippines Data Privacy Act of 2012 (RA 10173), organizations must provide a Data Protection Privacy Notice to data subjects before collecting their personal information. The National Privacy Commission enforces this requirement, and failure to provide proper notice can result in penalties ranging from PHP 500,000 to PHP 5,000,000.

What penalties apply if my company operates without a proper Data Protection Privacy Notice in the Philippines?

Operating without a compliant Data Protection Privacy Notice violates RA 10173 and can result in administrative fines of PHP 500,000 to PHP 5,000,000 imposed by the National Privacy Commission. Additionally, affected data subjects may file complaints or seek damages for violations of their privacy rights.

How does a Data Protection Privacy Notice differ from Terms of Service under Philippine law?

A Data Protection Privacy Notice specifically addresses personal data collection, processing, and protection as required by RA 10173, while Terms of Service govern the general use of products or services. The privacy notice must include specific elements like data retention periods, third-party sharing, and data subject rights under Philippines law.

How long does it typically take to prepare a Data Protection Privacy Notice for Philippines compliance?

Creating a compliant Data Protection Privacy Notice typically takes 1-3 weeks, depending on your organization's complexity and data processing activities. This includes reviewing your data flows, consulting NPC guidelines, drafting the notice, and having it reviewed for compliance with RA 10173 requirements.

Which specific information must be included in a Philippines Data Protection Privacy Notice?

Under RA 10173 and NPC regulations, your notice must include the identity of the data controller, purposes of processing, types of personal data collected, retention periods, third-party recipients, data subject rights, and contact information for privacy concerns. It must be written in clear, plain language accessible to Filipino data subjects.

Can I use a generic international privacy notice template for my Philippines business?

No, you should not use generic international templates as they likely won't comply with Philippines-specific requirements under RA 10173. The National Privacy Commission has specific disclosure requirements, data subject rights, and notification procedures that differ from other jurisdictions like GDPR or CCPA.

What common mistakes do businesses make when creating Data Protection Privacy Notices in the Philippines?

Common mistakes include using vague language about data processing purposes, failing to specify data retention periods, not including all required data subject rights under RA 10173, omitting contact information for the Data Protection Officer, and not updating the notice when business practices change. These errors can lead to NPC penalties.

Reviewed by

Legal Engineer, GenieAI

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

Reviewed by

Legal Engineer, GenieAI

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

Jurisdiction

Philippines

Publisher

GenieAI

Sector

Business

Cost

Free to use

About the Data Protection Privacy Notice

A Data Protection Privacy Notice is a fundamental legal requirement under the Philippines Data Privacy Act of 2012 that establishes transparency between organizations and individuals whose personal data is being collected. This document serves as your organization's formal commitment to protecting personal information and ensures compliance with strict National Privacy Commission regulations.

When do you need this document?

You must provide a Data Protection Privacy Notice before or at the time of collecting any personal information from individuals in the Philippines. This applies whether you're running a retail business collecting customer details, operating a healthcare facility gathering patient information, managing employee records, or providing online services that require user registration. Educational institutions need this notice when enrolling students, while financial services companies must provide it before opening accounts or processing loan applications. Any organization that collects personal data through websites, mobile apps, surveys, or physical forms is legally required to have this notice in place.

Key legal considerations

Your privacy notice must include several mandatory elements under RA 10173 and its implementing regulations. You need to clearly identify yourself as the data controller, specify the types of personal and sensitive personal information you collect, and explain the legal basis for processing. The notice must detail all purposes for which data will be used, describe your data retention periods, and outline the security measures you've implemented. You're required to inform data subjects of their rights, including access, correction, deletion, and portability rights, plus provide contact information for your Data Protection Officer if applicable. The notice must also disclose any third-party data processors or international data transfers, and explain your breach notification procedures.

Legal requirements in the Philippines

Under Philippines law, your Data Protection Privacy Notice must comply with specific National Privacy Commission guidelines and circular requirements. The notice must be written in Filipino, English, or the local language of your target audience, using clear and simple terms that ordinary individuals can understand. You're required to make the notice easily accessible and prominently displayed, whether on your website, mobile application, or physical premises. The NPC mandates that you regularly review and update your privacy notice to reflect changes in your data processing activities or legal requirements. Organizations must also ensure that consent obtained through the privacy notice meets the lawful, specific, and informed standards required by RA 10173. Failure to provide an adequate privacy notice can result in penalties ranging from PHP 500,000 to PHP 5,000,000, plus potential criminal liability for responsible officers.

GOVERNING LAW

Applicable law

This Data Protection Privacy Notice is drafted to comply with Philippines law. Key legislation includes:








Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it