Data Privacy

Data Privacy Act compliance, built in, not bolted on.

What is the Data Privacy Act?

Republic Act No. 10173 (Data Privacy Act of 2012) regulates how organizations in the Philippines collect, store, process, and dispose of personal data. The National Privacy Commission (NPC) enforces compliance. Employers handling employee data must register, appoint a DPO, and implement security measures.

NPC-registered. RA 10173 (Data Privacy Act 2012) compliant. AES-256 encryption, role-based access, audit logs, breach notification. Filipino employee data stays Filipino-secure.

NPC fines are severe

NPC violations can mean millions in fines + criminal liability for officers. Data breaches are a top concern for HR teams handling sensitive employee information.

  • Unauthorized processing: ₱500,000 - ₱4,000,000 + 3-6 years imprisonment for officers
  • Negligent processing: ₱500,000 - ₱2,000,000 + 1-3 years imprisonment for officers
  • Improper disposal: ₱100,000 - ₱500,000 + 6 months - 2 years imprisonment
  • Unauthorized disclosure: ₱500,000 - ₱2,000,000 + 1-3 years imprisonment for officers

How WORKSPHR solves it.

Every feature shipped is reviewed by a Filipino HR practitioner first. Built natively for PH compliance, not adapted from foreign systems.

WORKSPHR is registered with the National Privacy Commission as a personal information processor. Your DPO can include WORKSPHR in your processing inventory.

  • NPC registration certificate
  • Listed as NPC-recognized PIP
  • DPA-compliant processing agreement
  • Cross-border transfer documentation

How it works.

Step 1: NPC compliance baseline

WORKSPHR comes pre-configured for DPA compliance: encryption, access control, audit logs, retention policies. Your DPO reviews + signs off.

Step 2: Daily DPA-compliant ops

Every employee record access is logged. Changes are auditable. Exports are tracked. Daily HR work is automatically DPA-compliant.

Step 3: NPC audit ready

When an NPC inspector arrives or your DPO needs reports: 1-click export of all access logs, processing inventory, and consent records. Immutable, signed.

  • What is the Data Privacy Act of 2012?
    RA 10173 (Data Privacy Act) is the Philippine law governing personal data processing. It applies to all organizations handling personal information in the Philippines. The National Privacy Commission (NPC) enforces it. Employers handling employee data are Personal Information Controllers (PICs).
  • Is WORKSPHR NPC-registered?
    Yes. WORKSPHR (CRUD.IT Solutions Inc.) is registered with the NPC as a Personal Information Processor (PIP). Your DPO can include WORKSPHR in your processing inventory + DPA contract.
  • How does WORKSPHR handle data subject rights?
    Employees can request access, correction, and erasure of their data per DPA Section 16. WORKSPHR provides one-click export of all employee data + correction workflows + erasure with audit trail. Payroll history retained per legal exceptions.
  • What encryption does WORKSPHR use?
    AES-256 encryption at rest for all employee data. TLS 1.3 in transit. Backups encrypted. Even our engineering team cannot decrypt without authorization. Zero-knowledge architecture available on Enterprise.
  • How are access logs maintained?
    Every employee data access (read, write, change, export) is logged with timestamp + user + IP + reason. Logs are immutable, retained 5+ years, and exportable in NPC-compatible format for audits.
  • What about breach notification?
    NPC requires 72-hour breach notification. WORKSPHR detects anomalies (failed logins, unusual exports), provides an incident response toolkit, and pre-fills the NPC notification template. Your DPO leads response with our support.
  • Does WORKSPHR meet international standards?
    Yes. Beyond DPA compliance, WORKSPHR aligns with ISO 27001 security practices and SOC 2 Type II roadmap (Q4 2026). GDPR-compatible for clients with EU partnerships.
  • How long is data retained?
    Employment records: 10 years post-separation per Labor Code. Payroll: 5 years per BIR/DOLE. Performance reviews: 3 years. Custom retention schedules configurable per data category.

Filipino employee data, Filipino-secured.

Book a 30-minute demo. We'll show NPC compliance + AES-256 encryption + audit logs, live, with your DPO's questions answered.