DATA PROTECTION OFFICER – FINEX FILES
REYNALDO LUGTU, JR.
affected data subjects shall be noti knowledge of, or when there is reasonable belief by the personal information controller or personal information processor that, a per - cation has occurred. The personal information controller shall notify the NPC by submitting a report, whether written or electronic, containing the required contents of include the name of a designated representative of the personal information controller, and his or her contact details.
The importance of the appoint DPA cannot be overemphasized, as they will own the compliance of the organization. Many CEOs I spoke with have appointed their facto DPO.
But increasingly, there have been job postings for a DPO in Linkedin over the past month. Typical look for include a background in both law and information tech - tion, with relevant experience in managing data processing systems and handling compliance audits. Interestingly, one job posting says “able and willing to perform the responsibilities and assume risks of a DPO;” and why? Organizations that will not comply with the DPA will face sanctions and penalties, which range from one year to of not less than P500,000 and not more than P5 million, depending on the violation.
We hope that the NPC extends the compliance deadline to a later date to allow organizations to prepare and ultimately comply. In this information age, compliance with data protection regulations is considered by organizations as a competitive advantage in their business operations.