Get Ready for the Philippine Privacy Mark – Sterling International Consulting is Here to Help

The Philippines is strengthening its data privacy landscape with the National Privacy Commission’s (NPC) new Philippine Privacy Mark Certification Program (PPMCP). A crucial foundation for PPMCP success lies in attaining ISO 27001 (Information Security Management) and ISO 27701 (Privacy Information Management System) certifications. Sterling International Consulting is here to guide you through the entire process, from securing ISO certifications to achieving the coveted PPM.

NPC Outlines New Data Privacy Obligations for Businesses

The National Privacy Commission (NPC) continues to strengthen data privacy in the Philippines with two recently implemented circulars. These new regulations detail specific obligations for personal information controllers (PICs) and personal information processors (PIPs).

Key Requirements

  • Appoint a Data Protection Officer (DPO): Organizations must designate an individual responsible for ensuring data privacy compliance.
  • Data Processing Registry: Maintain detailed documentation of how personal data is collected, used, and stored within systems.
  • Privacy Impact Assessments (PIAs): Conduct regular analyses to evaluate the potential privacy risks of data processing activities.
  • Implement Privacy Management Programs: Establish ongoing programs to govern data management practices aligned with privacy principles.
  • Employee Training: Educate employees on data privacy laws, best practices, and the organization’s privacy policies.
  • Adherence to NPC Directives: Promptly respond to and comply with all NPC orders and instructions.

Additional Security Best Practices

The NPC encourages robust security measures, including:

  • Storage Limitations: Store personal data only for as long as strictly necessary for stated purposes.
  • Industry-Standard Protections: Implement recognized industry standards and practices to secure personal data.
  • Acceptable-Use Policies: Clearly define acceptable employee use of systems handling personal data.
  • Strong Authentication: Protect access to systems with secure login mechanisms.
  • Mobile Device Data Deletion: Have clear procedures for erasing personal data from mobile devices.

Business Continuity Planning

PICs and PIPs must develop and implement a comprehensive business continuity plan addressing:

  • Data Backup and Recovery: Maintain secure backups and the capability to restore personal data in the event of a disruption.
  • Timelines: Set targets for restoration timeframes.
  • Regular Reviews: Include procedures for periodic plan reviews, incorporating privacy assessments, crisis communication strategies, and potential remote work policies.

Philippine Privacy Mark (PPM) Requirements

For organizations seeking the prestigious PPM, the NPC mandates certification in:

  • ISO/IEC 27001: Information Security Management Systems (ISMS)
  • ISO/IEC 27701: Privacy Information Management System (PIMS)

Let’s Get Started

If you need help navigating these new NPC regulations or are aiming for the Privacy Mark, reach out for a consultation on how to achieve compliance and enhance your data privacy posture! Send us an email at info@iso-certification.ph to get started.

What is the Philippine Privacy Mark?

The Philippine Privacy Mark (PPM) signifies an organization’s adherence to the highest data privacy standards set by the Philippine Data Privacy Act (DPA). It demonstrates the implementation of robust safeguards to protect personal data, reducing the risk of breaches and fostering customer confidence.

ISO 27001 & ISO 27701: The Key to PPMCP

Holding ISO 27001 and ISO 27701 certifications is a mandatory prerequisite for obtaining the PPM. These internationally recognized standards provide frameworks for:

  • ISO 27001: Building a comprehensive Information Security Management System (ISMS) to safeguard data.
  • ISO 27701: Implementing a dedicated Privacy Information Management System (PIMS) aligning with global privacy regulations.

Why Your Company Needs These Certifications

  • PPMCP Eligibility: Secure the mandatory ISO certifications to become eligible for the PPMCP.
  • Strong Privacy Foundation: Establish robust frameworks for handling personal data responsibly, minimizing risks.
  • Customer Trust and Competitive Edge: Showcase your commitment to data security and privacy as a distinguishing factor in the market.

Sterling International Consulting: Your PPMCP Partner with Comprehensive Support

As specialists in international information security and data privacy standards like ISO 27001, ISO 27701, GDPR, SOC 2, PCI, and HIPAA, we possess the in-depth understanding to guide your organization towards PPMCP success. Our services include:

  • Gap Assessments: Comprehensive analysis of your current data privacy processes against PPMCP requirements.
  • Policy and Procedure Development: Creation and refinement of policies to align with the highest privacy standards.
  • Implementation Support: Hands-on assistance to implement technical and organizational measures required by the PPMCP.
  • Employee Training and Awareness: Engaging training programs designed to cultivate a privacy-focused culture throughout your organization.
  • ISO 27001 & ISO 27701 Implementation and Certification: Comprehensive support to implement the necessary systems and achieve ISO 27001 and ISO 27701 certifications.
  • PPMCP Consulting: Once you have the foundational ISO certifications, we provide tailored guidance to meet PPMCP requirements.
  • Training and Awareness: Equip your employees with the knowledge to maintain a privacy-centric approach.

Take the Proactive Step

Don’t delay your data privacy transformation. Achieve the necessary ISO certifications and solidify your PPMCP eligibility, bolstering your business’s reputation as a data privacy leader.

Contact Us

Partner with Sterling International Consulting for a streamlined ISO certification and PPMCP journey. Email us at info@iso-certification.ph or call +63 9778151204 today for a consultation and discover how we can elevate your data protection practices.