THE NATIONAL Privacy Commission (NPC) has laid down the guidelines on cross-border data transfer standards that companies can voluntarily follow to protect customer data transferred across jurisdictions in Southeast Asia.

Businesses can voluntarily adopt model contract clauses, or legally binding contracts that protect customer data. These firms can modify the clauses to align them with their domestic privacy laws.

Companies can also adopt data management frameworks, or the non-binding guidance for ASEAN businesses to put up data management systems, the NPC said in a statement on Wednesday.

Approved in an ASEAN digital ministers meeting in January, both tools aim “to promote the growth of trade and flow of information in the ASEAN internet economy.”

Privacy Commissioner Raymund E. Liboro last month said that companies’ data privacy representatives should invest in earning certifications that would help companies build up their reputations.

The ASEAN digital economy, the commission said, has grown in response to a fast-growing internet user base that has adopted e-commerce and ride hailing platforms.

“Given the great shift to digitalization during this pandemic, the region can surely exceed the $240 billion (gross merchandise value) it is projected to attain by 2025. But as early as now, we must ensure that the Philippines will have a slice of that growth,” Mr. Liboro said in the statement.

He said businesses should use these cross-border standards to improve their competitiveness in capturing new markets.

“What companies do to safeguard their customers’ data from hacks, unauthorized access and other emerging threats is what is defining competitiveness today.”

The commission plans to launch more projects to help smaller companies hit hard by the pandemic to conform to the ASEAN standards. — Jenina P. Ibañez