How to Renew Your Data Protection Officer (DPO) and Data Processing System (DPS) Registrations

You’re probably new to managing a company or running a business, but you’ve likely already experienced the weight of responsibilities that extend far beyond overseeing daily operations. Now, among these crucial—but often overlooked—tasks is keeping your business registrations and licenses up to date. 

And yes, they are non-negotiable. You need to renew them, mostly annually, to ensure that your business remains compliant with changing regulations, maintains up-to-date records, continues to operate legally, and avoids penalties. Trust us, these routine tasks are more than just paperwork—they are vital steps toward the success and sustainability of your business. 

In this blog, we’ll guide you through the renewal of your DPO and DPS registrations and help you stay on the right side of the data privacy laws in the Philippines. And yes again, we can process the renewal on your behalf. Just give us a call and skip the long read! 

Understanding DPO and DPS

If you’ve missed our previous article on DPO Appointment and Registration in the Philippines, don’t worry! We can always start from the basics so you can fully understand the process and its importance.   

Data Protection Officer (DPO)

As we have explained in the article, a Data Protection Officer (DPO) is an individual appointed and registered with the National Privacy Commission (NPC) to oversee data protection activities carried out by the Personal Information Controller (PIC) and/or Personal Information Processor (PIP) and ensure their compliance with data privacy laws.      

Data Processing System (DPS)

A Data Processing System (DPS), on the other hand, refers to the technological infrastructure and processes used by the PIC and/or PIP in processing personal data. It may encompass hardware and software systems, processes and workflows, and security measures. 

Who Requires DPO and DPS Registrations?

DPO and DPS registrations may either be mandatory or voluntary. As NPC Circular 2022-04 (effective January 2023) provides, both registrations are mandatory for PICs and PIPs that: (a) employ two hundred fifty (250) or more persons; (b) process sensitive personal information of one thousand (1,000) or more individuals; or (c) process data that will likely pose a risk to the rights and freedoms of data subjects.  

To clarify, a Personal Information Controller (PIC) can be an individual or an organization that determines the purposes and means of collecting, processing, and using (including directing others to handle) personal data. On the other hand, a Personal Information Processor (PIP) processes personal data on behalf of the PIC, acting only under its instructions and the DPA. Thus, a PIC can outsource data processing to a PIP.

Now, if your entity or organization is not subject to mandatory registration, you may still opt to voluntarily register your DPO and DPS. If you do not plan to register, you must still submit a sworn declaration to the NPC, which in turn may request supporting documents.   

When Should You Register Your DPO and DPS?

As provided in Section 7 of NPC Circular 2022-04, if you are a covered PIC or PIP, you must register your newly implemented Data Processing System (DPS) or inaugural Data Protection Officer (DPO) in the NPC Registration System (NPCRS) within 20 days from the commencement of the system or the effectivity date of the appointment. 

Additionally, if you have minor amendments to your existing registration information, which includes updates on the existing DPS or a change in DPO, you must update the system within 10 days from the DPS update or the effectivity of the DPO appointment. For major amendments such as on the name or address of your entity, you must file them within thirty (30) days from the effectivity of such changes.

When Should You Renew Your DPO and DPS Registrations?

Your received Certificate of Registration (COR) is valid for one (1) year from its date of issuance, unless it is revoked by the NPC for grounds provided under Section 35 and after issuance of a Notice of Revocation. With this, you must renew your registration thirty (30) days before the expiration.  

How to Renew Your DPO and DPS Registrations (Step-By-Step Guide)

Similar to your initial DPO and DPS registrations, you can process the renewal either manually with the National Privacy Commission (NPC) or online via the NPC Registration System (NPCRS). Alternatively, we, at FilePino, can handle the renewal for you and offer the necessary guidance for your full compliance. 

1. Wait for the Email Reminder. 

You will receive an email reminder about the renewal and the opening of NCPRS for processing at least thirty (30) days before your Certificate of Registration (COR) expires, as your email is already system-enrolled. 

2. Follow the Instructions and Proceed to the Renewal Page.

In your received email reminder, you will most likely find a button that directs you to the NCPRS login page. Once logged in, review the details, upload the supporting documents as necessary, and proceed to update.

3. Pay the Renewal Fees.

You will then be asked to pay for the renewal fee, which can already be made via the agency’s partner payment channels. The fee ranges between PHP 350 to PHP 2,500 depending on the type of registration (e.g., individual/professional, multinational organization, etc.). Refer to the NPC table of fees here.   

4. Wait for the Validation and Approval.

After payment, please allow a few days for the NPC to validate your details and approve the renewal. If you need to make any changes to your DPO during the renewal period, it is recommended to complete the renewal first and then file for amendments afterward. 

5. Download Your Renewal Documents.

Once your renewal is finally approved, you will be given access to your DPO/DPS Certificate of Registration (COR) and NPC Seal of Registration (SOR).   

In the end, renewing your DPO and DPS registrations with the National Privacy Commission (NPC) is a manageable process, thanks to the availability of manual and online means. From receiving the email reminder to awaiting approval, it is designed for convenience and efficiency. 

… and you might just need our assistance.

Need help with your DPO and DPS registration renewal? Set up a consultation with FilePino today! Call us at (02) 8478-5826 (landline) and 0917 892 2337 (mobile) or send an email to info@filepino.com.