According to the drafted guidelines of the National Privacy Commission, private sector businesses that function as personal information controllers or processors will soon face administrative fines if they commit violations of data privacy.
First presented in a public consultation online, the draft circular is meant to protect and uphold data privacy as a fundamental human right. The guidelines specify an appropriate range of fines to deter would-be violators but still allow the free flow of information so as not to stifle innovation and growth.
Depending on the infraction, the guidelines state that the administrative fines will be at least one percent and up to five percent of the annual gross income of the offending PIC or PIP. Fines may be imposed whether the violation is intentional or occurred due to negligence.
The administrative fines will be separate from the penalties and sanctions that violators are subjected to under the Data Privacy Act. You can read the full draft below: