The National Privacy Commission (the “NPC”) has finalized and released NPC Circular No. 2022-01 entitled Guidelines on Administrative Fines (the “Guidelines”). A copy of the Guidelines may be accessed at the NPC’s website via this link.
The Guidelines imposes administrative fines for violations of the provisions of the Data Privacy Act (“DPA”), its Implementing Rules and Regulations and the issuances of the NPC incurred by Personal Information Controller (“PIC”) or Personal Information Processor (“PIP”) within the range of penalties provided under the Guidelines. The liability of the PIC or PIP will be based on the infractions defined in the Guidelines, further classified as Grave, Major or Other Infractions, and not based on the act of the PIC or PIP.
The Guidelines also provide for penalties for acts falling under Other violations, which shall be subject to a fixed penalty:
- Failing to register the true and updated information with the Commission the identity and contact details of the PIC, the data processing system, and information on automated decision making, pursuant to Sections 7(a), Section 16, and 24 of the DPA and its corresponding implementing issuances shall be penalized with a fine within the range of PhP50,000.00-PhP200,000.00; and
- Failure to comply with any Order, Resolution, or Decision of the NPC, or of any of its duly authorized officers shall be subject to an additional administrative fine not exceeding PhP50,000.
The Guidelines is scheduled to take effect on 27 August 2022, which is fifteen days after its publication in a newspaper of general circulation last 12 August 2022.