In a memorandum issued by President and CEO Manuel V. Pangilinan, the Data Privacy Office (DPO) was recently created aimed at handling the compliance initiatives of the PLDT Group with the Data Privacy Act of 2012.
The DPO will ensure compliance of the PLDT Group with the national data privacy laws, ordinances, and acts. It will also provide top level direction and coordinate closely with PLDT Group business units to ensure effective implementation of data privacy strategies including but not limited to policies, procedures, and processes; legal aspect of data privacy; and compliance review as well as collaborate with data privacy regulatory organizations such as the National Privacy Commission (NPC) on behalf of the PLDT Group.
Appointed Chief Data Privacy Officer was Leah Camilla R. Besa-Jimenez who will be responsible for spearheading compliance initiatives of the PLDT Group with Republic Act 0173 or the Data Privacy act of 2012. Besa-Jimenez is also mandated to orchestrate data privacy programs and initiatives across the PLDT Group to reinforce adherence with set privacy policies and standards. Lastly, she shall manage standards and policies covering the handling of costumer information and data.”
Besa-Jimenez has over 20 years of experience in Digital, Data, CRM/CVM, Marketing, Media, Product and Social. She has consulted for global brands for industries covering FMCG, Technology, Telecommunications and Healthcare.
Data Privacy Strategy
Functioning under the supervision of DPO, the Data Privacy Strategy will establish compliance strategy with data privacy laws and implementing rules and regulations set by the NPC and the Government for the PLDT Group.
The DP Strategy will also design corresponding compliance implementation programs aligned with overall Company directions across the PLDT Group. It will likewise lead the establishment of applicable systems to support data privacy compliance operations; represent and liaise with data privacy regulatory organizations in behalf of the PLDT Group; and ensure regular compliance reporting to NPC and PLDT Group Data Privacy steering committee.
Data Privacy Process & Compliance Meanwhile, the Data Privacy Process & Compliance (DP Compliance) will handle the implementations and disseminate information about “group-wide data privacy compliance programs, processes, policies, and initiatives with all concerned organizations.”
It will manage data privacy compliance review and consolidate compliance results of all entities such as consent, business look up for transactions, internal policies, NPC prescribed laws and implementing rules and regulations and will also ensure all documentation and standardized data privacy policies are in accordance with NPC implementing rules & regulations; and manage review of Business Use-cases of entities and provide recommendations and improvements to ensure data privacy compliance.”
The DP Strategy and the DP Compliance will be under the newly created Data Privacy Office.