Identify what personal data you have and where it resides
Any data that helps you identify a person
  • Name
  • Email address
  • Social media posts
  • Physical, physiological, or genetic information
  • Medical information
  • Location
  • Bank details
  • IP address
  • Cookies
  • Cultural identity
Identifying where personal data is collected and stored
  • Emails
  • Documents
  • Databases
  • Removable media
  • Metadata
  • Log files
  • Backups
Example solutions
Microsoft Azure
Microsoft Azure Data Catalog
Enterprise Mobility + Security (EMS)
Microsoft Cloud App Security
Dynamics 365
Audit Data & User Activity
Reporting & Analytics
Office & Office 365
Data Loss Prevention
Advanced Data Governance
Office 365 eDiscovery
SQL Server and Azure SQL Database
SQL Query Language 
Windows & Windows Server
Windows Search
Govern how personal data is used and accessed within your organization
Data governance:
Defining policies, roles and responsibilities for the management and use of personal data
  • At rest
  • In process
  • In transit
  • Storing
  • Recovery
  • Archiving
  • Retaining
  • Disposal
Data classification:
Organizing and labeling data to ensure proper handling
  • Types
  • Sensitivity
  • Context / use
  • Ownership
  • Custodians
  • Administrators
  • Users
Example solutions
Microsoft Azure
Azure Active Directory
Azure Information Protection
Azure Role-Based Access Control (RBAC)
Enterprise Mobility + Security (EMS)
Azure Information Protection
Dynamics 365
Security Concepts
Office & Office 365
Advanced Data Governance
Journaling (Exchange Online)
Windows & Windows Server
Microsoft Data Classification Toolkit 
Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches
Preventing data attacks:
Protecting your data
  • Physical datacenter protection
  • Network security
  • Storage security
  • Compute security
  • Identity management
  • Access control
  • Encryption
  • Risk mitigation
Detecting & responding to breaches:
Monitoring for and detecting system intrusions
  • System monitoring
  • Breach identification
  • Calculating impact
  • Planned response
  • Disaster recovery
  • Notifying DPA & customers
Example solutions
Microsoft Azure
Azure Key Vault
Azure Security Center
Azure Storage Services Encryption
Enterprise Mobility + Security (EMS)
Azure Active Directory Premium
Microsoft Intune
Office & Office 365
Advanced Threat Protection
Threat Intelligence
SQL Server and Azure SQL Database
Transparent data encryption
Always Encrypted  
Windows & Windows Server
Windows Defender Advanced Threat Protection
Windows Hello 
Device Guard
Keep required documentation, manage data requests and breach notifications
Enterprises will need to record the:
  • Purposes of processing
  • Classifications of personal data
  • Third parties with access to the data
  • Organizational and technical security measures
  • Data retention times
Reporting tools:
Implement reporting capabilities
  • Cloud services (processor) documentation
  • Audit logs
  • Breach notifications
  • Handling Data Subject Requests
  • Governance reporting
  • Compliance reviews
Example solutions
Microsoft Trust Center
Service Trust Portal
Microsoft Azure
Azure Auditing & Logging
Azure Data Lake
Azure Monitor
Enterprise Mobility + Security (EMS)
Azure Information Protection
Dynamics 365
Reporting & Analytics
Office & Office 365
Service Assurance
Office 365 Audit Logs
Customer Lockbox
Windows & Windows Server
Windows Defender Advanced Threat Protection

Data Privacy Act of 2012

Ensures that the Philippines complies with international standards set for data protection through the National Privacy Commission (NPC).


The Data Privacy Act (DPA)

Preparing for a new era in privacy regulation

RA 10173 and its IRR are already in effect and will require changes in how entities handle personal data.

Known as the Data Privacy Act of 2012, it imposes new rules on companies, government agencies, non-profits, and other organizations that process personal data.

Microsoft believes the DPA represents an important step forward for individual privacy rights. It gives Filipino residents more control over their “personal data” (which is precisely defined by the DPA). The DPA also seeks to ensure personal data is protected no matter where it is sent, processed, or stored.

The DPA is also a complex regulation that may require vast changes in how you gather and manage data. Microsoft has a long history of helping our customers comply with complex regulations. When it comes to preparing for the DPA, we provide you the ability to comply.

Know Your Data Privacy Rights!

Only you can say whom you will trust; that is what Privacy means. Here’s a quick review of your data privacy rights! If you feel like any of these rights have been violated, contact us through our social media accounts or via e-mail at complaints[at]

Posted by National Privacy Commission on Thursday, 29 December 2016

Source: National Privacy Commission Facebook Page

Supporting your journey to compliance with the DPA Guide


We want to help you focus on your core business while efficiently preparing for the DPA. Our goal is to streamline your compliance with the DPA through smart technology, innovation, and collaboration.

Microsoft products and services are available today to help you meet the DPA requirements, and we are investing in additional features and functionality. Through our cloud services and on-premises solutions we’ll help you locate and catalog the personal data in your systems, build a more secure environment, simplify your management and monitoring of personal data, and give you the tools and resources you need to meet the DPA reporting and assessment requirements.

We will share what we learn on our journey to compliance to make yours easier. We will show you how our existing enterprise products and services—such as Azure, Dynamics 365, Enterprise Mobility + Security, Office 365, and Windows 10—can jumpstart that journey today.


How should you comply?
What rights must companies enable under the DPA?
How much can companies be fined for non-compliance?
What is sensitive personal information?
Does the DPA apply to both data processors and data controllers?
Does my business need to appoint a Data Protection Officer (DPO)?
How does the DPA change an organization's response to personal data breaches?
Does the DPA deal with encryption?
How much will it cost me to meet compliance with the DPA?
Where can I learn more about the DPA?