DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

๐Ÿ‡ต๐Ÿ‡ญ Philippines

DPA

Data Privacy Act of 2012

In short
The Philippines Data Privacy Act requires consent as a common basis for processing, defined as freely given, specific and informed indication of will, with stricter rules for sensitive personal information.
Region

Philippines

Status

In force since 2012

Group

Asia & Africa

Who must comply

Personal information controllers and processors that process personal data of individuals in the Philippines, including some processing carried out abroad.

Penalties

Fines up to PHP 5 million and imprisonment depending on the offense, with separate penalties per violation.

Key obligations

  • Obtain freely given, specific and informed consent where required
  • Provide notice of purpose and rights before collection
  • Honor access, correction, erasure and objection rights
  • Register data processing systems and appoint a data protection officer
  • Notify breaches to the commission and affected individuals

How ConsentX helps

Freely given, specific opt-in consent capture

Purpose and rights notice in the banner

Rights request workflow with evidence

Consent receipts for audit

Region rule engine tuned for the Philippines

Get DPA ready with ConsentX

Get started free Book a demo

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with DPA using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under DPA.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that DPA requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a DPA audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Does the Philippines require consent for processing?+

Consent is a common lawful basis and must be freely given, specific and informed, with stricter handling for sensitive information.

Who enforces the Data Privacy Act?+

The National Privacy Commission, the NPC, administers and enforces the law.

Countries under DPA

๐Ÿ‡ต๐Ÿ‡ญ Pilipinas

Other regulations

๐Ÿ‡ช๐Ÿ‡บ GDPR๐Ÿ‡ฌ๐Ÿ‡ง UK GDPR๐Ÿ‡บ๐Ÿ‡ธ CCPA / CPRA๐Ÿ‡บ๐Ÿ‡ธ VCDPA๐Ÿ‡บ๐Ÿ‡ธ Colorado CPA๐Ÿ‡บ๐Ÿ‡ธ CTDPA๐Ÿ‡บ๐Ÿ‡ธ UCPA๐Ÿ‡บ๐Ÿ‡ธ TDPSA๐Ÿ‡บ๐Ÿ‡ธ Oregon OCPA๐Ÿ‡บ๐Ÿ‡ธ Montana MCDPA๐Ÿ‡บ๐Ÿ‡ธ Florida FDBR๐Ÿ‡ง๐Ÿ‡ท LGPD๐Ÿ‡จ๐Ÿ‡ฆ PIPEDA๐Ÿ‡ฎ๐Ÿ‡ณ DPDPA๐ŸŒ PDPA๐Ÿ‡ฟ๐Ÿ‡ฆ POPIA๐Ÿ‡จ๐Ÿ‡ญ FADP๐Ÿ‡จ๐Ÿ‡ฆ Law 25๐Ÿ‡ฒ๐Ÿ‡ฝ LFPDPPP๐Ÿ‡ฆ๐Ÿ‡ท PDPL๐Ÿ‡จ๐Ÿ‡ฑ Law 21.719๐Ÿ‡จ๐Ÿ‡ด Law 1581๐Ÿ‡ต๐Ÿ‡ช Law 29733๐Ÿ‡บ๐Ÿ‡พ Law 18.331