2. 2
Key Information
• Subject of the violation: Per Act – Maximum of Php 5,000,000 for each.
• Categories of Infractions:
• Grave Infractions: Infractions that affect 1,000 or more data subjects.
• Major Infractions: Infractions that affect 1 – 1,000 data subjects.
• Other Infractions: Those infractions not within the definition of Grave and Major
infractions.
3. 3
Grave Infractions
• Infraction of general privacy principles and data subject rights.
• Administrative fines of 0.5% to 3% of the annual gross income.
• Repetition of infractions whether categorized as major or other infractions
shall be categorized as grave infraction.
4. 4
Major Infractions
• Infraction of general privacy principles and data subject rights.
• Administrative fines of 0.25% to 2% of the annual gross income.
• Any failure to implement security measures
• Any failure to ensure that third parties processing personal information on
behalf of the PIC implements proper security measures.
• Any failure to notify the Commission and affected data subjects of
personal data breaches based on IRR requirements.
5. 5
Other Infractions
• Administrative fine of not less than Php 50,000.00 but not exceeding Php
200,000.00
• This includes not registering the true identity or contact information of the
PIC, the Data Processing System (DPS), or information on automated
decision making.
• Failure to provide updated information or contact details of the PIC, the
data processing system, or information on automated decision making.
• Violation of any order, resolution, or decision of the commission or any of
its duly authorized officers will be fined Php 50,000.00 for each.
6. Summary of NPC Circular 2022-001
Violation per Act – Max Penalty of 5,000,000.00
Grave Infraction Major Infraction Other Infraction
Infraction of General Privacy Principles and Data Subject Rights
Fines: 0.5% to 3% AGI Fines: 0.25% to 2% AGI
Repeated Major Infraction
Fines: >50,000 AND <200,000
Failure to implement security
measures, third party audits, and
notification.
False identity and contact
information, not complying with
registration requirements, and
violation of any order, resolution, or
decision of the NPC or its
authorized officers.
7. We’re here to help.
Get in touch with us today.
reimagine@collectionhouse.com.au | https://collectionhouse.com.au
https://linkedin.com/company/CollectionHouseInternational
+63.917.8036174 | +63.917.8024777 | +63.2.79096693
20/F Exxa Tower, Bridgetowne C-5 Road, Ugong Norte, Quezon City, PH, 1110
http://facebook.com/collectionhousemanila