top of page

DATA PRIVACY LAW

Protecting Your Data, Your Business, and Your Reputation

 

In the digital age, data is one of your most valuable assets—and one of your biggest legal risks. Under the Philippine Data Privacy Act (DPA) and its implementing rules, businesses and organizations are required to protect personal data, implement reasonable security measures, and respond properly to data breaches and privacy complaints.

 

Non-compliance can result in fines, criminal liability, regulatory sanctions, and severe reputational damage.

 

At LORD LAW, we help clients understand, manage, and reduce their data privacy risks through practical, business-oriented legal solutions. Our goal is simple: keep you compliant, secure, and operational.

 

 

Who We Serve

 

We advise and assist:

 

  • Corporations and SMEs

  • Real estate and property developers

  • Professional firms and service providers

  • Schools, clinics, and hospitals

  • E-commerce platforms and online businesses

  • BPOs, outsourcing companies, and tech startups

  • NGOs and foundations handling personal data

 

Whether you are just starting your data privacy compliance program or responding to a regulatory inquiry or data breach, we can assist at every stage.

 

 

Our Data Privacy Services

 

 

1. Data Privacy Compliance & Governance

 

We assist organizations in building and maintaining a solid privacy framework, including:

 

  • Compliance review under the Philippine Data Privacy Act and NPC issuances

  • Gap analysis of existing policies, contracts, and practices

  • Design and implementation of a Data Privacy Management Program

  • Advice on lawful basis for processing, consent, and legitimate interests

  • Risk-based guidance tailored to your industry and operations

 

Our approach is practical—we focus on what you actually do with data, not just what your policies say.

 

 

2. Drafting of Policies, Notices & Documentation

 

We prepare and refine key documents required by law and by best practices, such as:

 

  • Privacy policies and privacy notices (online and offline)

  • Data sharing and data outsourcing agreements

  • Internal data protection policies and procedures

  • Consent forms and data subject authorization forms

  • Record of processing activities and data inventory templates

 

We ensure that your documentation is not just boilerplate, but aligned with your actual operations and systems.

 

 

3. Data Protection Officer (DPO) Support

 

We support in-house and external Data Protection Officers by:

 

  • Assisting in the registration of DPOs and data processing systems

  • Providing legal guidance on complex or high-risk processing activities

  • Supporting privacy impact assessments (PIA)

  • Drafting standard operating procedures for incident handling and requests of data subjects

  • Providing ongoing advisory support on day-to-day privacy questions

 

We work as a legal partner to your DPO, helping them perform their role confidently and effectively.

 

 

4. Data Breach Management & Incident Response

 

When a data breach or security incident occurs, time and strategy are critical. We help you:

 

  • Assess whether an incident qualifies as a personal data breach

  • Determine notification obligations to the National Privacy Commission (NPC) and affected data subjects

  • Prepare breach reports, notifications, and internal incident documentation

  • Coordinate with your IT, security, and communications teams

  • Implement remedial and preventive measures to reduce future risks

 

Our goal is to contain legal exposure, minimize reputational harm, and show regulators that your response was responsible and compliant.

 

 

5. Data Subject Rights, Complaints & NPC Proceedings

 

Data subjects have rights. Organizations have obligations. We assist in:

 

  • Responding to requests for access, correction, deletion, and data portability

  • Handling complaints from customers, employees, or other data subjects

  • Representing clients before the National Privacy Commission

  • Drafting position papers, explanations, and responses to NPC orders or subpoenas

  • Negotiating and implementing corrective action plans

 

We aim to resolve issues early, before they escalate into full-blown regulatory or court cases.

 

 

6. Contract Review & Vendor Management

 

Third-party service providers and business partners can significantly increase your privacy risk. We:

 

  • Review and draft data protection clauses in service contracts

  • Structure data sharing and outsourcing arrangements

  • Help you evaluate privacy risk in vendor selection and management

  • Align your contracts with your actual technical and organizational safeguards

​

​

For more inofrmation, please contact us. 

bottom of page