Data Privacy Workshop

DATE(s): August 30, 2017
New World Makati Hotel

For years, business advocated for a Data Privacy Law. We finally got it. Then we advocated for the implementation of the law. It eventually happened with the establishment of the National Privacy Commission (NPC). The NPC then drafted the Implementing Rules and Regulations, which will take full effect by September this year.

Are we happy? Yes and no.

Yes – because we wanted private data to be protected and we wanted to offer that protection in the Philippines which is good for companies doing international business and are processing data.

No – the implementation of the Law is complicated, opens doors to nuisance legal action, requires the employment of data privacy officers, and makes company executives criminally liable for data privacy breaches.

Does the Law and its IRR affect the Philippines as a destination for data processing, data mining and data analytics?

This workshop will discuss the complex situation, explain the rules and will outline the implementation process.

Why should the C-Level attend with its implementers?

  • They will benefit from being Data Privacy compliant, which is important for doing business internationally;
  • This will help them avoid risks


Time Topic Session Coverage Target Audience
08:30 Registration    
09:00 Welcome
09:15 Introduction to the Data Privacy Act of 2012 Overview of RA 10173, Rights of a Data Subject and Obligations of PIC’s and PIP’s; ex of LGU as a PIC (vaccination case) C-Level Executives + Implementing Staff (IT, Finance, HR, Operations, Functional Managers)
10:00 Module 1: Appoint a Data Privacy Officer
Activity: 20 questions to help you determine whether you need a full-time DPO
Present the roles and responsibilities of a Data Privacy Officer versus that of a Compliance Officer. Do the 20-question assessment and compare your risk rating with the other participants. (Handouts: DPO Advisory, 20-question assessment) C-Level Executives + Implementing Staff (IT, Finance, HR, Operations, Functional Managers)
10:35 Open Forum
11:00 Module 2: Conduct a PIA
Workshop: Privacy Impact Assessment and Privacy by Design
In plenary, work on the vaccination case. In workgroups, participants will work on case studies to identify privacy risks. Using PbD, they will then identify some possible controls. Groups may use the case studies provided, or use their own. (Handouts: Case worksheets, Circular 16-02, Role Cards) Implementing Staff (IT, Finance, HR, Operations, Functional Managers)
12:00 Working Lunch
01:15 Group Reports
01:30 Module 3: Create a Data Privacy Manual
Activity: Draft a privacy notice for your company’s website
Be familiarized with the contents of a data privacy manual and show samples of privacy notices Implementing Staff (IT, Finance, HR, Operations, Functional Managers)
02:15 Module 4: Implement Data Protection Measures
Workshop: Safety and Security Tips
Overview of Circular 16-01 and round-robin workshop on safety and security tips. (Handouts: Circular 16-01, Tip cards)
Implementing Staff (IT, Finance, HR, Operations, Functional Managers)
03:15 Open Forum
03:45 Module 5: Handling Data Breaches
Workshop: Identifying your Top Threats
Overview of Circular 16-03 and “charades” activity to act out (and identify) what are the participant’s top threat vectors.
Implementing Staff (IT, Finance, HR, Operations, Functional Managers)
04:45 Closing and Photo Session Remind participants to accomplish evaluation forms  


Php 13,000 – C-Level Executive + 1 Implementing Manager
Php 6,000 – for every additional implementing manager
Php 3,500 – C-Level attendees attending only in the morning
** It is required to have a C-Level attendee attend with at least 1 implementing manager
** Prices exclude 12%vat

Download Reply Form

For confirmations and more information, please contact Ms. Jasmin Runez of ECCP at 845 1324 or email