
DATA PRIVACY PROTECTION IMPLEMENTATION RULES AND STANDARDS

The importance and impact of data privacy protection training show in the ability
of those designated as accountable and responsible for data protection to apply the rules and
standards when assessing and controlling the impact of the organization’s business processes,
systems, technology and people on data privacy protection and information security.

1. Statutory and Regulatory References

a. R.A. 10173 – Data Privacy Act of 2012 (Statutory)


https://www.privacy.gov.ph/data-privacy-act/

b. R.A. 10173 – Implementing Rules and Regulations


https://www.privacy.gov.ph/implementing-rules-regulations-data-privacy-act-2012/

c. NPC Advisory 2017-01 – Designation of Data Protection Officer


https://www.privacy.gov.ph/advisories/npc-advisory-no-2017-01-designation-data-protection-officers/

d. NPC Circular 16-01 – Security of Personal Data in Government Agencies


https://www.privacy.gov.ph/memorandum-circulars/npc-circular-16-01-security-of-personal-data-in-government-agencies/

e. NPC Circular 16-02 – Data Sharing Agreement Involving Government Agencies


https://www.privacy.gov.ph/memorandum-circulars/npc-circular-16-02-data-sharing-agreements-involving-government-agencies/

f. NPC Circular 17-01 – Registration of Data Processing System


https://www.privacy.gov.ph/wp-content/uploads/2017/08/NPC_Circular-17-01-Registration_final.pdf

g. NPC Advisory 2017-03 – Guideline on Privacy Impact Assessment


https://www.privacy.gov.ph/wp-content/files/attachments/nwsltr/NPC_AdvisoryNo.2017-03.pdf

h. NPC Circular 16-03 – Personal Data Breach Management


• https://www.privacy.gov.ph/memorandum-circulars/npc-circular-16-03-personal-data-breach-management/
• https://www.privacy.gov.ph/wp-content/files/attachments/nwsltr/Final_Advisory18-02_6.26.18.pdf

i. NPC Circular 16-04 – Rules of Procedures for Privacy Complaint


https://www.privacy.gov.ph/memorandum-circulars/npc-circular-16-04-rules-of-procedure/

j. NPC Circular 18-01 – Rules of Procedure on Request for Advisory Opinion


https://www.privacy.gov.ph/npc-circular-no-18-01-rules-of-procedure-on-requests-for-advisory-opinions/

k. NPC Circular 18-02 – Guidelines on Compliance Check


https://www.privacy.gov.ph/npc-circular-no-18-02-guidelines-on-compliance-checks/

3. European Union General Data Privacy Regulation


a. Regulation
• https://gdpr-info.eu/
• https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679

b. DPO Professional Standard


• https://edps.europa.eu/sites/edp/files/publication/10-10-14_dpo_standards_en.pdf
• https://gdpr.eu/data-protection-officer/

4. International Standard Organization

a. ISO 29100 - Data Privacy Policy Framework


https://www.freestandardsdownload.com/iso-iec-29100-2011.html

b. ISO 29151 - Data Privacy Control


https://www.freestandardsdownload.com/iso-iec-29151-2017-pdf.html

c. ISO 29190 – Data Privacy Capability Assessment Model


https://www.iso.org/obp/ui/#iso:std:iso-iec:29190:ed-1:v1:en

d. ISO 27018 - Cloud Privacy


https://www.freestandardsdownload.com/iso-iec-27018-2014.html
e. ISO 27001 - Security Management System
https://www.freestandardsdownload.com/bs-en-iso-iec-27001-2017.html

f. ISO 27002 - Information Security Control


https://www.freestandardsdownload.com/bs-en-iso-iec-27002-2017.html

g. ISO 27017 - Cloud Information Security


https://www.freestandardsdownload.com/iso-iec-27017-2015-pdf-free-download.html

h. ISO 27701 - Information Security for Privacy Information Management System


https://www.freestandardsdownload.com/iso-iec-27701-2019.html

i. ISO 29134 - Privacy Impact Assessment


https://www.freestandardsdownload.com/iso-iec-29134-2017-pdf.html

j. ISO 31000 - Risk Management Framework


https://www.freestandardsdownload.com/bs-iso-31000-2018-pdf-download.html

k. ISO 27005 - Information Security Risk Management


https://www.freestandardsdownload.com/iso-iec-27005-2018-pdf-download.html

l. ISO 27550 - System Development Data Privacy by Design


https://www.freestandardsdownload.com/iso-iec-tr-27550-2019-pdf-download.html

m. ISO 27003 - Information Security Management Implementation Guidance


https://www.freestandardsdownload.com/iso-iec-27003-2010-pdf-download.html
n. ISO 27035 - Information Security Incident Management
• https://sites.google.com/a/ist033.org.uk/public/home/4/cg-ip/27035
• https://www.pdfdrive.com/bs-isoiec-270352011-information-technology-security-techniques-information-security-incident-management-e161773690.html
• https://www.gov.scot/binaries/content/documents/govscot/publications/advice-and-guidance/2019/10/cyber-resilience-incident-management/documents/cyber-incident-readiness-assessment/cyber-incident-readiness assessment/govscot%3Adocument/Cyber%2Bincident%2Breadiness%2Bassessment.xlsx

o. ISO 27031 - Information Security Business Continuity Readiness


https://www.freestandardsdownload.com/iso-iec-27031-2011-pdf-download.html

p. ISO 27007 - Information Security Management System Audit


https://www.freestandardsdownload.com/iso-iec-27007-2020.html

5. Other International Research and Regulatory Body


a. NIST Privacy Framework
https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.01162020.pdf

b. PCI DSS
https://www.pcisecuritystandards.org/documents/PCI_DSS-QRG-v3_2_1.pdf?agreement=true&time=1534870826847

c. HIPAA
https://www.hhs.gov/hipaa/for-professionals/privacy/index.html

d. FIRST – Forum of Incident Response and Security Teams


• Establishing CSIRT
https://www.first.org/resources/guides/Establishing-CSIRT-v1.2.pdf
• Building a SOC
https://www.first.org/resources/guides/Factsheet_Building_a_SOC_start_small.pdf
