The National Privacy Commission (NPC) of the Philippines conducted its second virtual public consultation on 22 March 2023 on a draft circular on the prerequisites for the Philippine Privacy Mark (PPM) Certification Program.
The draft circular specifically sets out the prerequisites for the certification of personal information controllers (PICs) and personal information processors (PIPs), and would also apply to all certification bodies (CBs) seeking accreditation under the PPM.
According to the draft, the circular, once issued, would require PICs and PIPs to be certified to ISO/IEC 27001 (information security management system, ISMS) and ISO/IEC 27701 (privacy information management system, PIMS) before applying for PPM certification.
The same requirement would apply to CBs prior to applying for accreditation under the PPM.
Originally launched in November 2021 as the Philippine Privacy Trust Mark or PPTM, the certification aims to increase trust and confidence in businesses and public offices by offering the highest level of assurance on data privacy compliance and secure cross-border data transfers.
It is a voluntary program and is only applicable to organisations’ management systems.
Former NPC commissioner Raymund Liboro said the certification was opportune as the Philippines would “fully embrace digitalisation for our economic recovery” after the Covid-19 pandemic, and that it would “strengthen the foundation of trust” for online activities.
For consumers, he said that the certification would enable them to make informed choices and have greater control over the personal data collected from them, and help them identify [certified] organisations that they can trust with their personal information.
PPM-certified PICs and PIPs are required to establish, implement and continually improve their management systems, and demonstrate operational compliance with the Data Privacy Act of the Philippines.
The NPC will be releasing additional guidelines in the near future pertaining to the certification scheme for PICs, PIPs and CBs.
When it comes to ISO, an organisation should be able to produce the mandatory documents and records required by the ISO 27001/27701 standards.
“Usually, auditing and certifying bodies will require you to show these mandatory documents and records over several cycles, to prove that you are