Under RA 10173, which of the following terms encompasses a range of operations—including collection, recording, organization, storage, adaptation, retrieval, consultation, use, consolidation, blocking, erasure, or destruction—performed on personal data, regardless of whether the operation is done manually or through automated means?

Which legal basis under RA 10173 is specifically required when the processing of personal data is neither necessary for compliance with a legal obligation, fulfillment of a contract, protection of vital interests, performance of a public authority’s task, nor legitimate interests pursued by the personal information controller or third party?

Which compliance tool, although not explicitly mandated by name in RA 10173, is required under NPC Advisory No. 2017-03 for identifying, assessing, and mitigating risks to the rights and freedoms of data subjects prior to the launch of new or significantly modified processing systems involving sensitive personal information or high-risk data activities?

Under RA 10173 and its implementing rules, which entity bears the primary legal responsibility for ensuring the lawful processing of personal data, including compliance with data subject rights and breach notification requirements, even when the actual processing is outsourced to a third-party service provider?

In accordance with RA 10173 and NPC Circulars, which formal document is required when two or more Personal Information Controllers agree to exchange personal data for a specific purpose, outside the scope of outsourcing, and must clearly define roles, safeguards, duration, and mechanisms for upholding data subject rights?

Which of the following roles, though not vested with ultimate legal accountability for data processing activities, is required under RA 10173 to ensure organizational compliance by monitoring internal data handling practices, managing privacy risks, and serving as a liaison to the National Privacy Commission?