Announcement

ANNOUNCEMENT

We would like to inform everyone that the Compliance and Monitoring Division (CMD) will be updating one of its mobile numbers. The new contact number that will be used by the CMD is +63 975 058 8355 (Globe). Kindly regularly monitor our website and social media pages for further announcements, and kindly take note of the updated numbers.

We appreciate your cooperation during this transition and apologize for any inconvenience this may cause.

Should you have further questions or concerns, please feel free to contact us through our Hotline:

Email

For the Complete NPC Directory, please click here.

ANNOUNCEMENT: Submission of 2025 Annual Security Incident Report

The deadline for the submission of the 2025 Annual Security Incident Report (“ASIR”) is on 31 March 2026. All Personal Information Controllers and Processors (PIC/PIPs) are required to submit their ASIR regardless of classification on the registration requirement under NPC Circular No. 2022-04.

Please note that ASIR can no longer be updated nor edited once submitted through the Data Breach Notification Management System (DBNMS). If uncertain with the information to be included, the PIC/P may use the “Save as Draft” option. Please be noted that the saved drafted ASIR does not equate to submission until the same is finalized.

If there is an error in the submitted ASIR, request to delete said report by sending an email to [email protected]. Once deleted, proceed to “Create a new report.”

The submission of ASIR shall only be through the DBNMS. Any other modes of submissions shall not be considered valid.

For concerns relating to the DBNMS, please email [email protected].

ANNOUNCEMENT

The National Privacy Commission – Compliance and Monitoring Division hereby informs all PICs and PIPs that the processing of registration applications through the NPCRS is currently experiencing delays. This is due to the influx of submissions received in recent weeks.

It has come to our attention that the surge in registrations is linked to circulating reports of an alleged memorandum requiring physicians to register by 30 November 2025. For clarification, the Commission has not issued any such directive or deadline. Nonetheless, all PICs and PIPs are reminded that registration has been a mandatory requirement since 2017.

Pursuant to NPC Circular No. 2022-04, Section 7, a covered PIC or PIP shall register its newly implemented Data Processing System or inaugural DPO in the NPC’s official registration platform within twenty (20) days from the commencement of such system or the effectivity date of such appointment.

Further, Section 39 of the said circular provides that, “All covered PICS, and PIPs shall complete their Data Processing System and DPO registration within one hundred eighty (180) days from the effectivity of the circular”

We appreciate your patience and understanding as we continue to process registration application as efficiently as possible.

ADVISORY

A reminder to the public that the National Privacy Commission is
currently located on the 25th-27th Floor, The Upper Class Tower, Quezon Avenue, Corner Scout Reyes
Street, Brgy. Paligsahan, Quezon City.

For questions and concerns you may contact us through (+63) 2 5322 1322.

For Complaints:

For Registration and Compliance:

For General Inquiries:

Thank you!

Public Advisory

The National Privacy Commission (NPC), through its Complaints and Investigation
Division, implemented a new Complaint-Affidavit template, which took effect on 01 July 2025.

In line with this, the previous version of the Complaint-Affidavit will no longer be
accepted thirty (30) calendar days from the date of this notice.

To access the new Complaint-Affidavit template, please refer to this link.

For inquiries or further assistance, you may contact us at [email protected].

Thank you for your cooperation.

ADVISORY

Temporary Moratorium on Certain DPCP Activities

To the Public,

In light of ongoing efforts to strengthen the implementation of the Data Privacy
Competency Program (DPCP), and in response to various queries and clarifications received, the National Privacy
Commission hereby issues a temporary moratorium on the processing of licenses and conduct of activities
under the Program.

This includes:

• Acceptance and processing of new applications for licenses to training providers; and
• Implementation of existing licenses, including the conduct of approved training activities.

The moratorium is intended to support the orderly development of the Implementing
Guidelines for NPC Circular
No. 2023-02. This measure ensures alignment with forthcoming standards and safeguards the integrity of
the Program as it transitions to full operationalization.

This moratorium shall remain in effect until formally lifted by the Commission, upon
the issuance of the finalized Implementing Guidelines.

We thank you for your continued understanding and cooperation.

For your information and guidance.

Click here to view the full document.

Do you have

COMPLIANCE, REGISTRATION, BREACH, INCIDENT REPORT

related concerns?

For registration related inquiries, you may reach us through email at [email protected]

For system [NPCRS] related inquiries, please email us at [email protected]

For Breach Notification and Annual Security Incident Report related inquiries, please
email us at [email protected]

DATA PRIVACY COMPETENCY PROGRAM ANIMATED VIDEOS

Under the Data Privacy Competency Program, the National Privacy Commission (NPC)
released a series of animated videos that break down data privacy concepts and principles into bite-sized and
easy-to-understand pieces. The videos are available in English, Tagalog, and Bisaya.

All videos are free for personal and educational use. You may access them
here.

NOTICE OF PUBLIC CONSULTATION: DRAFT NPC CIRCULARS ON THE PHILIPPINE PRIVACY
MARK CERTIFICATION PROGRAM

Concerned organizations, stakeholders, and other interested parties are invited to
submit their valuable inputs regarding the new draft circulars to be implemented by the National Privacy
Commission (NPC).

To access the draft NPC Circulars on the Philippine Privacy Mark (PPM) Certification
Program, please access the following:

1. Certification Scheme for Certification Bodies
2. Certification Scheme for Applicant Organizations
3. Criteria for Data Protection and Privacy Management Systems (DPPMS)

These draft circulars aim to provide guidelines and requirements both for
certification bodies and applicant organizations under the PPM.

The Draft Circular can be accessed at this link:

DIT_Circular-PPM-DPPMS-Requirements

NPC Circular Year Part I

NPC_Circular_PPM-CertSchemePart2

The Commission will conduct a virtual public consultation on 05 December 2024 from
10:00am-12:00pm via MS
Team Link.

Please send your comments/suggestions/opinions and other valuable inputs to [email protected] no later than 12 December 2024.

ANNOUNCEMENT ON DATA PRIVACY COMPETENCY PROGRAM

The Data Privacy Foundational Course is focused on the fundamental and operational
aspects of the DPA essential for anyone who seeks to have a better understanding of the DPA and its application
to actual situations. An overview of the curriculum is now available here.

A Training Provider must satisfy the general requirements provided in Section 5 of
NPC Circular 2023-02. It must also have appointed a Data Protection Officer (DPO) and registered its DPO and
Data Processing Systems, if any, with the NPC. An updated copy of the Training Provider Application Form is
available here.

Interested and qualified Training Providers for the Data Privacy Foundational Course
may submit the accomplished Training Provider Application Form and supporting documents to the NPC (General
Records Unit) beginning 15 May 2024. Please address your submission to the Data Privacy Competency Program
Committee (DPCPC).

For questions, please contact us at [email protected]

.

ANNOUNCEMENT ON RENEWAL OF NPCRS REGISTRATION

All Data Protection Officers (DPOs) are advised to monitor their NPCRS platform for
notifications on their renewal. Notifications in the NPCRS are triggered thirty (30) days before expiration of
current registration. As such, all Personal Information Controllers (PICs), Personal Information Processors
(PIPs), and Individual Professionals should endeavor to renew their registration within the 30-day period to
avoid erasure of the details of their prior registration from the system.

Submission through email, personal filing, ordinary mail, licensed courier service
and other mode of physical submission shall not be considered valid.

For registration related inquiries, you may reach us through email at [email protected]

For system [NPCRS] related inquiries, please email us at [email protected]

Compliance and Monitoring Division

WARNING
AGAINST MISREPRESENTATION AND FALSE INFORMATION IN DATA PROCESSING SYSTEM REGISTRATION

Online payment on fees and
charges

Service Request and Assessment Form for the
Schedule of Fees and Charges of the National Privacy Commission

ANNOUNCEMENT ON DPS REGISTRATION

With the launch of the National Privacy Commission Registration System (“NPCRS”) and
the effectivity of NPC Circular No. 2022-04 on 11 January 2023, the Commission will no longer
accept new registration, amendments, and renewal of registration except through the NPCRS
portal.

Submission through email, personal filing, ordinary mail, licensed courier service
and other mode of physical submission shall NOT be considered valid.

NPC Circular No. 2022-04 can be accessed through this Link

All PICs/PIPs are directed to create an account, through its Data Protection Officer,
and register Data Processing Systems at Link.

For registration related inquiries, you may reach the us through email at [email protected]

For system [NPCRS] related inquiries, please email us at [email protected]

Compliance and Monitoring Division

ACCEPTANCE OF THE PRINTED EPHILID AS VALID PROOF OF IDENTITY AND AGE IN ALL SERVICES
OF THE NATIONAL PRIVACY COMMISSION

The National Privacy Commission accepts the various formats of the PhilSys digital
ID, including the printed ePhilID, as a valid and sufficient proof of identity and age subject to authentication
through the PhilSys Check. Please refer to the Philippine
Statistics Authority Public Advisory dated 30 September 2022 and a sample
of the official format of the printed ePhilID for reference.

Announcement regarding the submission of Personal Data Breach
Notifications (PDBN) and Annual Security Incident Reports (ASIR)

With the launch of the DBNMS, the NPC will no longer accept Breach Notification and
Annual Security Incident Report submissions except through the DBNMS online platform. Thus, submissions through
email, personal filing, ordinary mail, licensed courier service, and any other mode of physical submission shall
not be considered as valid.

All Personal Data Breach Notifications and Annual Security Incident Reports shall be
submitted through https://dbnms.privacy.gov.ph .

See the Guidelines on the Issuance of Certificate of Pending/No Pending Case here
and the Request for Certificate of Pending/No Pending Case Form here.

Send your requests to [email protected]
with the subject "CPNPC Request_<name of entity/individual>"

Advisory on modified in-person or face-to-face hearing of cases for all parties with
pending hearings with the NPC download here

There is an easier and safer way to file your complaints before the National Privacy
Commission through the improved COMPLAINTS-ASSISTED FORM (CAF). Download the new version of the form here. Do not forget to attach a copy of your supporting documents.

For inquiries, email us at [email protected]

For complaints, send your complaints-assisted form to [email protected]