Call us: +48 607 644 877

Please enter your username or email address. You will receive a link to create a new password via email.

Npc Data Sharing Agreement

NPC Data Sharing Agreement: What You Need to Know

Data sharing is critical for businesses and organizations, particularly for those that operate within the National Privacy Commission’s (NPC) jurisdiction. The NPC is the agency responsible for regulating and enforcing data privacy laws in the Philippines. It ensures that organizations processing personal data comply with the Data Privacy Act of 2012 (DPA) and other relevant laws.

One of the requirements for organizations under the DPA is the execution of a Data Sharing Agreement (DSA) when sharing personal data with third-party service providers or other organizations. This agreement outlines the terms and conditions for sharing personal data, including the purposes for which data will be shared, how it will be protected, and the duration of the agreement.

The NPC emphasizes the importance of DSAs as a means of ensuring that personal data is protected in line with the DPA. Organizations must conduct proper due diligence before sharing personal data with third-party service providers. This includes verifying that the service provider has implemented adequate security measures to protect the data, and that the service provider has proper authorization to process and store the data.

When executed properly, a DSA can help organizations ensure that their data sharing activities are secure, compliant, and transparent. It can help safeguard personal data from being misused, lost, or accessed by unauthorized individuals.

Key Components of a NPC Data Sharing Agreement

A DSA is a legally binding agreement between two parties, and thus must meet certain requirements to be effective. The following are key components of a DSA:

1. Purpose of data sharing – This section outlines the purpose and scope of the data sharing activity, including what data will be shared and why it needs to be shared.

2. Obligations of the parties – This section outlines the responsibilities of each party, including their respective obligations to protect the personal data being shared.

3. Transfer of data – This section outlines the procedures for transferring data between the parties, including how data will be stored, secured and transferred.

4. Security measures – This section outlines the security measures that will be implemented to protect the personal data being shared, including encryption, access controls, and monitoring.

5. Data retention – This section outlines how long personal data will be retained and how it will be disposed of once it is no longer needed.

6. Data subject rights – This section outlines how data subjects can exercise their rights under the DPA, including the right to access, rectification, erasure, and objection.

7. Termination of agreement – This section outlines the circumstances under which the DSA may be terminated, and the procedures for doing so.


In summary, a DSA is a crucial tool for organizations that engage in data sharing activities. It helps ensure that personal data is protected in line with the DPA, and can help safeguard against data breaches and other security threats. When creating a DSA, it is important to ensure that all key components are included and that the agreement is clear, concise, and legally binding. With the right precautions in place, organizations can continue to share data securely and in compliance with applicable laws and regulations.