Philippines

The privacy protection laws and regulations of the Philippines are as follows:

● Data Privacy Act of 2012 (DPA): this Act was passed by President of Philippines and came into force on 15th of August 2012, applying to those who use equipment located in the Philippines, or maintain an office, branch or agency in the Philippines for processing of personal data, or processing information outside Philippines but related to Philippine citizens or Philippine residents.

● Implementing Rules and Regulations of Data Privacy Act of 2012 (DPA Implementing Rules): The Philippine National Privacy Commission (the Commission) published the DPA Implementing Rules on 24th of August 2016, which further explain the general principles of personal data protection in order to supervise and ensure the effective implementation of DPA.

● NPC Circular No. 16-03 - Personal Data Breach Management: The Commission published this Circular on 15th of December 2016, which provides framework guidelines for personal data breach management and prevention guidelines, response procedures, and notification requirements for personal data breach.

● NPC Circular No. 20-03 - Data Sharing Agreements: The Commission published this Circular on the 23rd of December 2020, which provides the policies and requirements on data sharing agreements.

● NPC Circular No. 23-04 – Guidelines on Consent: The Commission published this Circular on the 7th of November 2023 which provides guidelines on the use of consent as a lawful basis for processing personal data.

For details about how Huawei Cloud complies with these requirements and how you can securely build cloud services that comply with these regulations, see the HUAWEI Cloud Philippines Privacy Compliance Instruction.

Huawei Cloud is committed to providing you with secure and compliant infrastructure and services. Each service has built-in security features and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and services it provides have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

When using Huawei Cloud services, you are responsible for the security and compliance of internal applications and custom configurations of your workloads on the cloud. As the owner and controller of your data, you are responsible for data security configuration, confidentiality, integrity, availability, as well as identity authentication and authorization for data access.

You are also responsible for compliance with the applicable regulatory requirements for your workloads on the cloud.

You can download HUAWEI CLOUD Security White Paper to view details about the responsibilities of Huawei Cloud and yours.

For more security and compliance issues, contact your account manager or Huawei Cloud.

Huawei Cloud is committed to building secure and trusted cloud services. The infrastructure and services provided by Huawei Cloud have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

Huawei Cloud is compliant with a wide range of international standards and practices, including:

• Security standards: ISO 27001, ISO 27017, CSA STAR, PCI DSS, PCI 3DS, ISO 27034, and NIST cyber security framework (CSF), and more

• Privacy standards: ISO 27018, ISO 27701, BS 10012, ISO 29151, and ISO 27799

• Other standards: ISO 22301 (for business continuity management), ISO/IEC 20000 (for IT service management), TL 9000 and ISO 9001 (for quality management), SOC 1, SOC 2, and SOC 3(for audit)

Learn more from Compliance Certificates in the Compliance Center.

Financial regulators in Philippines include:

Bangko Sentral ng Pilipinas (BSP), the central bank of the Republic of the Philippines, was established on 3 July 1993 as the principal financial services regulator in the Philippines, managing banks and non-bank financial institutions in the Philippines, including quasi-banks, Financial companies and non-equity savings and loan associations.

To regulate financial institutions' risk management in technology, the BSP published a series of regulatory requirements and guidelines, covering technology risk management,The related regulatory requirements and guidelines include:

• Manual of Regulations for Banks(MORB): The Manual of Regulations for Banks (MORB) is designed to be an authoritative regulation governing banks which are all under the supervision of the Bangko Sentral ng Pilipinas. Principally, the MORB fosters compliance to the banking standards and contributes to strengthen the stability of the Philippine financial system.

• Manual of Regulations for Non-Bank Financial Institutions(MORNBFI): The Manual of Regulations for Non-Bank Financial Institutions (MORNBFI) is designed to be an authoritative regulation governing non-bank financial institutions (NBFIs) supervised by, or are under the regulatory ambit of, the Bangko Sentral ng Pilipinas (Bangko Sentral).

Circular No. 982, Series of 2017, Enhanced Guidelines on Information Security Management: This guidance is designed to be amending relevant provisions of the Manual of Regulations for Banks (MORB) and Manual of Regulations for Non-Bank Financial Institutions (MORNBFI) in line with rapidly evolving technology and cyber-threat landscape.

Circular No. 951, Series of 2017, Guidelines on Business Continuity Management: This guidance is designed to be on business continuity management for Bangko Sentral ng Pilipinas (BSP)-supervised financial institutions (BSFIs) and amendments in the Manual of Regulations for Banks (MORB) and Manual of Regulations for Non-Bank Financial Institutions (MORNBFI).

Circular No. 808, Series of 2013, Guidelines on Information Technology Risk Management for All Banks and Other BSP Supervised Institutions: This guidance is designed to be amendments to Sections X176 and X705 of the Manual of Regulations for Banks (MORB) to enhance the guidelines on information technology risk management.

HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines in Philippines describes how Huawei Cloud will help you meet the regulatory requirements of the financial industry in Philippines.