THE NATIONAL Privacy Commission (NPC) will end the validity of current registrations to process or control personal information after it launches its automated registration system in July.
NPC in a statement on Friday said the validity of Personal Information Controllers (PIC) and Personal Information Processors (PIP) registrations ends on Aug. 31.
Registrations that were completed by 2018 were previously valid until March 8. The same registrations are now extended up to the end of August.
“The PICs and PIPs covered by the extension are those that previously completed at least Phase-I of their NPC registration,” the statement said.
PICs process or instruct another to process personal data, while PIPs are outsourced or instructed to process personal data.
NPC said those who have not yet registered are required to do so with their data protection officer immediately to avoid liabilities.
PIPs and PICs are subject to compliance checks and NPC cases that result in the issuance of compliance orders.
Under the implementing rules and regulations of the Data Privacy Act of 2012, unauthorized processing of personal information without the consent of the data subject is given a penalty of imprisonment between one to three years, or a fine of P500,000 to P2 million.
Possible imprisonment extends to three to six years and fines grow to P500,000 to P4 million for unauthorized processing of sensitive personal information.
Personal information includes any data that make apparent the identity of an individual.
“Sensitive” personal information includes race, ethnic origin, marital status, health, education, sexual life, social security numbers, and tax returns, among others.
The NPC will begin accepting registrations through its automated system on July 1. — Jenina P. Ibañez