
CRC Data Protection Officer Foundational Course



Full course description





The University of Asia and the Pacific, through the Center for Research and Communication (CRC), offers the Data Protection Officer (DPO) Foundational Course. The DPO Foundational Course is a 4-day interactive, instructor-led training with course study material by subject matter experts and intensive writeshops on privacy impact assessment, privacy notice, and advisory opinions, among others. It adheres to international standards such as ISO standards and is a first step to becoming a practicing Data Privacy Officer. The lectures are conducted via Zoom.

An examination will be administered by the Center for Research and Communication on the afternoon of the 5th day of the training to assess what the participants have learned throughout the course. 

The examination will gauge the competencies of the students against the DPO Body of Knowledge in the following areas:

  1. Data Privacy Act of 2012 (RA 10173) and its Implementing Rules and Regulations
  2. The WHAT, WHY and HOW of Data Protection and implementing data security in the enterprise
  3. Duties, roles, responsibilities, and accountability of a Data Protection Officer
  4. Accountability and Responsibilities of the Enterprise in protecting its assets (specific to data in relation to personal data of its stakeholders)

This course is recommended for any individual who aspires to be a Data Protection Officer, to have a career in data privacy, or to have a basic awareness and knowledge of data privacy, especially those who use, process, and maintain personal data.

A Certificate of Completion will be awarded to participants who attend at least 3 out of the 4 lecture days, and a Certificate of Recognition if they pass the CRC assessment exam.



  • Module 1: Introduction to Data Privacy Act
    • Aspects of Informational Privacy
    • Definition
    • Policy, Scope, Mandate and Functions
    • Key Terms
    • Data Privacy Principles
    • Security Measures (Organizational, Technical, Physical)
    • Rights of the Data Subject
    • Consequences of Complaints Filed
  • Module 2: Data Privacy Principles
    • Transparency; Right to Information
    • Privacy Notice
    • Role of DPO in Transparency
    • Right to Access
    • Principle of Legitimate Purpose
    • Consent
    • Legitimate Purpose in Processing including SPI
    • Compliance Framework
    • Data Subject's Rights
    • Principle of Proportionality
  • Module 3: Appointing a Data Protection Officer
    • Legal Basis
    • General Qualifications
    • COP
    • Instances where a PIC or PIP is allowed to designate a COP
    • Position of a DPO or a COP in the Organization
    • Conflict of Interest
    • Confidentiality
    • Subcontracting
    • Independence and Autonomy
    • Duties and Responsibilities
    • Supporting the DPO
  • Module 4: Privacy Impact Assessment
    • Definition and Scope
    • Objectives of Conducting a PIA
    • When is PIA Necessary?
    • Is PIA Required?
    • Benefits of PIA
    • Components of PIA
    • Stakeholder Involvement in PIA
    • Records of Processing Activities
    • PIA and Privacy By Design
    • PIA Provides an Initial Step Towards Accountability
    • Data Life Cycle
    • Determination of Security Measures
    • Identifying and Rating Privacy Risks
    • Privacy Risk Mapping
    • Approaches to Risk Management
    • Duty of DPO in Relation to PIA
    • PIA Process
  • Module 5: Privacy Management Program
    • Five Pillars of NPC
    • The Data Privacy Accountability and Compliance Framework
    • Compliance with the DPA
    • What is PMP?
    • PMP Objectives
    • Importance of a PMP
    • PMP Guide
    • Key Components
    • What does a PMP Look Like?
      • Governance, DPO, Records of Processing Activities, Risk Assessment, Registration, Policies and Procedures, Data Security, Capacity Building, Breach Management, Notification, Third Party Management, Communication, Understanding of Privacy Ecosystem, Oversight and Review Plan, Assess and Revise Program Controls
    • Supporting Documents of a PMP
  • Module 6: Security Measures and Handling Third Party Risks
    • Security Measures
    • Organizational Security Measures
      • Examples, Compliance Officers, Data Protection Policies, Records of Processing Activities, Management of Human Resources, Processing of Personal Data, and Contracts with PIPs
    • Physical Security Measures
    • Technical Security Measures
    • Examples involving Consent and DSA (NPC Circ 16-02)
    • Managing Third Party Risks
    • General Principles for Data Sharing
    • When Consent of Data Subject is Required
    • Contents of a DSA
    • When is a DSA Considered Terminated?
    • Outsourcing/Subcontracting
    • Outsourcing Agreement
  • Module 7: Breach Management
    • Definition of Terms
    • Personal Data Breach Management Guidelines
    • Security Incident Management Policy
    • Data Breach Response Team
    • Implementation of Security Measures and Privacy Policies
    • Mandatory Notification/Requirements
    • Contents of the Notice
    • Full Report
    • Concealment or Failure to Disclose
    • Annual Security Incident Report
    • How to File an Annual Report


Atty. Jpee Hernandez (Assistant Vice President and Deputy Data Protection Officer for one of the Philippines' biggest universal banks; Former Chief of Staff of the National Privacy Commission Office of the Deputy Privacy; Worked as a Compliance and Data Privacy Officer for a multinational publishing company, Financial Times Electronic Publishing, Inc.)

Atty. Karl Baquiran (Consultant at the Ateneo de Manila University - University Data Protection Office; Former member of the Data Security and Compliance Office of the National Privacy Commission; Resource speaker during awareness seminars, briefings and workshops involving compliance with Data Privacy regulations.)


Php 37,500.00


June 7, 8, 14, 15 & 21, 2024

Learning Mode


For more details, please contact