The ______________ will be accountable for ensuring compliance by the PIC or PIP with the Data Privacy Act, its IRR, related issuances of the National Privacy Commission, and other applicable laws and regulations relating to data privacy and security

As a PIC or PIP, I am not allowed to outsource or subcontract the DPO functions.

While the responsibility of complying with the DPA, its IRR, issuances by the NPC, and other applicable laws remains with the PIC or PIP, malfeasance, misfeasance, or nonfeasance on the part of the DPO or COP relative to his designated functions may still be a ground for administrative, civil, or criminal liability, in accordance with all applicable laws.

A PIC or PIP, taking into account the complexity of its operations, is not allowed to have more than one data protection officer.

Commission Officer for Privacy” or “COP” refers to an individual or individuals who shall perform some of the functions of a DPO.