Data Protection & Privacy

Taking Action in Data Protection

Philippines’ Data Privacy Act (DPA) is a law that aims to protect individual personal information both in government and private sector. The implementing rules and regulation (IRR) was promulgated in August 2016. Individuals and organizations which fail to comply may be fined up to Php 7 million fine and/or imprisonment, and may suffer reputational damage.

Are you prepared?

Data privacy encompasses the rights of individuals and obligations of organizations with respect to the collection, storage, use, disclosure, retention, and disposal of personal data i.e. across the data life cycle.

Data privacy challenges

Understanding Data Privacy

Privacy is one of the foundation of trust in any industry. PwC Risk Assurance - Data Protection & Privacy Services assists client to build trust by helping in proactively addressing privacy. We can help the client to better understand the data privacy within their organization and how it fits within their overall business strategy.

Privacy compliance advisory

Privacy awareness trainings

Management of personal data

Client may not be aware of the personal data collected and the purposes for which it is being used. Therefore they are unable to maximize the use of all personal data. Some personal data is distributed across the organization, often sitting within numerous business process and technologies, and as a consequence there are significant challenges in cost and managing of these data. PwC Risk Assurance - Data Protection & Privacy Services provide recommendation to better manage personal data including development of policies and procedures.

Personal data inventory

Privacy impact assessment

Privacy maturity assessment

Data privacy manualization

Compliance with regulatory requirements (local and global)

With the implementation of local and global Privacy laws, organizations are mandated to comply with the requirements over processing of personal data. With PwC Risk Assurance - Data Protection & Privacy Services understanding of the law and involvement on different data privacy implementation projects, we can assist the client on their data privacy journey.

Privacy compliance advisory

Privacy managed service

Data security

PwC Risk Assurance - Data Protection & Privacy Services can help identify the internal and external threats to the security over personal data and and recommend appropriate controls to ensure compliance with relevant regulation and standards. In addition, we can help the client determine if they are well prepared to respond to a breach and test their data security capability.

Privacy compliance assessment

How we can help

The impact is not just on legal, compliance, or cyber security but also how companies take business decisions, leverage information, and deal with third parties when it concerns personal data. A problem this complex requires multifaceted and holistic approach with involvement of business, legal, technology, and IT security leadership.

PwC’s unique cross competency privacy team of risk and assurance specialists, cyber security experts, and lawyers help organizations understand their data privacy obligations, navigate the underlying technology, demonstrate accountability and build trust with customers, employees and third parties.


Privacy Compliance Advisory Services

Develop relevant requirements based on the Five Pillars of Data Privacy Accountability and Compliance set by National Privacy Commission (NPC).

  • Establishment of Data Protection Office (DPO)
  • Personal data inventory
  • Data privacy manualization

Privacy Managed Services

Assist in the conduct of the Data Protection Office (DPO) functions and activities to implement data privacy measures.

  • External Data Protection Office (DPO)
  • DPO secondment

Privacy Assessment Services

Perform privacy assessment depending on the client’s need to review the design and effectiveness of the implemented data privacy measures based on the requirements of the law and other applicable standards.

  • Privacy impact assessment
  • Privacy maturity assessment
  • Privacy compliance assessment

Other Privacy Services
  • Privacy awareness trainings and workshops 
  • Contracts review 
  • Vulnerability Assessment and Penetration Testing (VAPT) readiness assessment 
  • Information Security Management System (ISMS) readiness assessment
  • Technical security reviews


Contact us

Maria Rosell S. Gomez

Maria Rosell S. Gomez

Risk Assurance Leader, PwC Philippines

Tel: +63 (2) 8845 2728

Mark Anthony P. Almodovar

Mark Anthony P. Almodovar

Risk Assurance Executive Director, PwC Philippines

Tel: +63 (2) 8845 2728

Maria Gracia Valdez

Maria Gracia Valdez

Risk Assurance Manager, PwC Philippines

Tel: +63 (2) 8845 2728

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.