Privacy is almost everyone’s concern when signing up for anything on the internet these days. With the different types of online threats on the web, everyone’s information could be at risk. In this article, we’ll explain what the GDPR and the Data Privacy Law in the Philippines are and how each user can benefit from them.

Before we get there, let’s talk about the GDPR first.

What is GDPR?

GDPR, or the General Data Protection Regulation, is a regulation in EU (European Union) law on data protection and privacy for individuals within the European Union and the European Economic Area. It also addresses the export of personal user data outside the European Economic Area and the European Union.

The GDPR puts control of personal data back in the hands of the individual and gives regulatory authorities more power to act against businesses that breach this law.

What is Data Privacy Law?

You might have come across different websites and, upon checking their Privacy Policy, noticed the words DATA PRIVACY. But then you might ask, what is the Data Privacy Law? The Philippines’ Data Privacy Act of 2012, or Republic Act 10173, was formed by the National Privacy Commission. It lays out a set of requirements designed to protect personal user information in both government and private organizations.

This regulation sets out a data privacy accountability and compliance framework that covers a wide range of issues such as governance, data security, training, third-party affiliations, and breach notification.

Differentiating the GDPR and the Data Privacy Law


These two don’t differ that much. Both privacy laws have the same aim of protecting an individual’s information. This includes racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, and data concerning a natural person’s sex life or sexual orientation.

Both of them have the same purposes. The GDPR’s purpose is to enable the free movement of personal data within the Union while protecting the fundamental rights and freedoms of natural persons and, in particular, their right to the protection of personal data. The Data Privacy Law’s purpose is to protect the fundamental human right of privacy while ensuring the free flow of information to promote innovation and growth.

My business is not from the EU or EEA. Will my business still be affected by the GDPR? Should I follow it?


Yes. When individuals from the EU or EEA transact with your business, the GDPR applies. It has an increased territorial scope. Any company that handles the data of EU businesses, individuals, residents, citizens, and even tourists must comply with the GDPR even if the company has no European presence. As long as an individual is within the EU, the GDPR applies.

Many companies have no idea whether any individuals from the EU visit and transact with their website. The only way to stay safe is to be prepared, and that means being familiar with the GDPR and other data privacy laws. Be familiar with and aware of your responsibilities as a website owner so that your clients, customers, or subscribers can fully trust your website and company.

What are the penalties if I don’t follow the GDPR and Data Privacy Law?


There are different penalties, depending on which act was breached. Under the Data Privacy Law, several different penalties can be imposed.

The penalty when a business fails to act in accordance with the GDPR and/or Data Privacy Law is imprisonment of a minimum of one (1) year up to a maximum of seven (7) years, with a fine of not less than One million pesos (Php1,000,000.00) and up to Seven million pesos (Php7,000,000.00). Again, this depends on the damage done or the act committed.

The penalty can be applied when one of the following has been committed:

  • Unauthorized Processing of Personal and Sensitive Personal Information
  • Accessing Personal Information and Sensitive Personal Information Due to Negligence
  • Improper Disposal of Personal Information and Sensitive Personal Information
  • Processing of Personal Information for Unauthorized Purposes
  • Unauthorized Access or Intentional Breach
  • Concealment of Security Involving Sensitive Personal Information
  • Malicious Disclosure
  • Unauthorized Disclosure
  • Combination or Series of Acts

For non-compliance with the EU’s GDPR, the EU introduced effective, proportionate, and dissuasive administrative fines. There are two tiers of administrative fines that can be levied as penalties for non-compliance, with maximums of €10 million and €20 million respectively.

Comply with these data protection laws and secure your website to avoid any breaches that could occur.

Are you in need of a web design company or digital marketing agency in the Philippines that meets the GDPR and data privacy laws? Contact us today and we can help you get your work done!
