In the evolving regulatory landscape, data privacy in local government units has become a critical governance concern. With increasing reliance on digital systems for public services, LGUs must ensure strict data privacy compliance under the Data Privacy Act of 2012 and related issuances. A competent data privacy lawyer can assist LGUs in navigating these technical and legal requirements, particularly in light of DILG Memorandum Circular No. 2024-135, which updates prior rules on registration, designation, and compliance mechanisms.
This issuance aligns LGU obligations with NPC Circular No. 2022-04 and imposes specific duties that must not be overlooked:
1. Registration of Data Processing System
All LGUs, acting as Personal Information Controllers, are required to register their data processing systems with the National Privacy Commission through the NPC Registration System. This includes systems that process personal or sensitive personal information, especially those involving automated decision-making or profiling. Even outsourced systems must be registered, ensuring full accountability across all data processing activities .
2. Mandatory Appointment of Data Protection Officer
LGUs must appoint a Data Protection Officer (DPO) with a rank equivalent to a department head. This ensures that data privacy compliance is institutionalized at a high level of authority. Notably, barangays are not required to appoint independent DPOs but may designate Compliance Officers for Privacy under the supervision of the city or municipal DPO .
3. Mandatory Display of Seal of Registration
Upon successful registration, LGUs are issued a Certificate of Registration and a Seal of Registration. The circular mandates that the seal be displayed prominently at the main entrance of LGU offices and, where applicable, on official websites or privacy notice pages. This promotes transparency and builds public trust in government data handling practices .
Failure to comply with these requirements may expose LGUs to administrative liability under applicable NPC rules and regulations. Beyond mere registration, compliance requires continuous monitoring, documentation, implementation of data protection policies, and submission of compliance reports.
If your LGU or organization requires guidance on data privacy compliance, consult a qualified data privacy lawyer to ensure full adherence to regulatory standards. Our team assists in DPO designation and registration, data processing system registration, policy drafting, and audit readiness.
For legal assistance, contact us at inquiries@mpeclaw.com or call (+63) 968 679 6617. Ensure your compliance today and safeguard the trust of the public you serve.