Download: Flyer - Black&White (.PDF 406kb)
                          Course Outline (.PDF 366kb)

TUESDAY & WEDNESDAY, 4 & 5 AUGUST 2020 * 9:00AM to 5:00PM

The National Privacy Commission, in its five pillars of compliance, expects the Personal Information Controllers (all those who set the policies), Processors (all those who collect, process and file information) and the Data Protection Officer to provide a system and create the manual that documents the agreed data privacy protocol within the organization, in order to implement the set rules and regulations in the processing of personal data and in securing personal information.

This two-day comprehensive training workshop will provide participants with the whole-of-the-enterprise approach and methodology to compose the mandated Privacy Management Manual based on the National Privacy Commission’s practice standards.

It will also include topics on how to plan, design, acquire, build and operate a Security Operation Center and provide a security incident management framework to help your organization hurdle the challenges of data breach, compliance and business continuity.

   Limited Seats Only, Pre-Registration Required

   REGISTER NOW and Avail of the Early Bird Discount!

   Contact Person: Aiza Cuenca
   Manila lines (+632) 8556-8968 or 69
  Telefax (+632) 8842-7148 or 59
   Cebu lines (+63 32) 512-3106 or 07
   Baguio line (+63 74) 423-2914
   Legazpi line (+63 52) 736-0148
   Email: Check:
Course Director & Lecturer:

John Macasio is the trainer and consultant at the Information and Communications Technology Literacy and Competency Development Bureau of the Department of Information and Communications Technology.

He has recently done capability building of management and workforce on privacy impact assessment and the privacy and security management manual with the following organizations, among many others:
   1. Department of Finance and some of its attached agencies
   2. Department of Agriculture – National Meat Inspection Services
   3. Philhealth - Information Security Group
   4. Light Rail Transit Authority
   5. Philippine Fish Port Authority
   6. MAA General Assurance
   7. PHIVIDEC Industrial Authority

He co-authored the United Nations ESCAP/APCICT published guidance on ICT Project Management – Theory and Application. The academy module has been introduced and translated in six (6) countries.

Who Should Attend:

  1. Personal Information Controller (Business Owners, CEOs/COOs, GMs, Administrators, Policy and Decision Makers)
  2. Personal Information Processor (HR Leaders, Business Managers, Sales People, Record Keepers, Registrars, etc.)
  3. Data Protection Officer
  4. Compliance Officer for Privacy
  5. Those in outsourcing business
  6. Business Consultants

Get as much as 15% discount when you enroll 1 month prior to the event, prepay on or before July 4 and register as a group of 3 or more!

Training Investment is P16,980 inclusive of Meals, Resource Kit & Certificate of Attendance

This training is open to the General Public.


EDSA Shangri-La Hotel, Mandaluyong City, Philippines
9:00 am to 5:00 pm, Tuesday & Wednesday, August 4 & 5, 2020

Training Description

Republic Act 10173, known as the Data Privacy Act of 2012, has obligated business enterprises, national government agencies, Government-Owned and Controlled Corporations, and Local Government Units to protect the data privacy right of every citizen; to apply the data privacy principles in data processing; to enforce the lawful criteria to handle personal information; and to adapt control measures that assure the confidentiality, integrity and availability of information.

The Personal Information Controllers (all those who set the policies), Personal Information Processors (all those who collect, process and file information), and Data Protection Officers are required to demonstrate their clear, specific and doable understanding of the accountability and responsibility through a documented manual of managing the control objectives of data privacy and information security. This comprehensive training will focus on the creation of the data privacy and information security management system and manual in compliance with the requirement of the National Privacy Commission. The covered topics are the following:

1. Governance of data privacy compliance and information security
2. Maintenance of personal data registry and visible inventory of information assets
3. Development, implementation, and monitoring of privacy and security policy
4. Conduct of privacy impact assessment and risk remediation planning
5. Implementation and activity recording of data privacy rights processes that enable the Data Subject to exercise the rights to be informed, to give consent, to have access, to correct, to block, to erase, to complain, and to require data portability.
6. Design, develop, and operate a data processing system that applies the data privacy principles, lawful criteria, limiting condition, and security measures as defined by published rules and standards.
7. Management of security incident and privacy breach.
8. Provide single point of contact for inquiries, complaints, and assistance.
9. The data privacy and security management system determines, describes, documents and demonstrates the capability that must be acquired and implemented in order to deliver and support the control objectives of what to achieve, prevent, maintain and eliminate.

The whole enterprise has to agree on and communicate the compliance governance, success factors, results indicators, adopted policy, prescribed activities, established methodology, and the identified risks of non-compliance. The established data privacy and security management system determines, describes, documents and demonstrates the capability that must be acquired and implemented in order to deliver and support the control objectives of what to achieve, prevent, maintain and eliminate.

Day 1: Security and Privacy Management Framework, System and Methodology

Learning Objectives:

1. Adopt known practice standards and regulatory advisories to design, develop, operate and improve a security and privacy management framework and methodology that are applicable to the agency context of mandate, funds, process, and people.
2. Identify and elaborate the operational requirement that clearly specifies the readiness requirements to implement the security and privacy goals, policy, processes, measurement, competency and technologies of ensuring the security of information and the privacy of personal information.
3. Compose the mandated Privacy Management Manual guided by the NPC published template of contents.

Learning Topics:

1. Data Privacy Management Capability Assessment
2. Data Privacy Accountability Framework
3. Data Privacy Rights Process
4. Personal Data Processing Privacy Policies and Procedures
5. Personal Data Security Measures
6. Security Incident and Breach Management
7. Data Privacy Management Manual Template
8. Data Privacy Agreements and Service Contracts

Day 2: Breach Management, Security Operation Center, Incident Response Team

Learning Objectives:

1. Adopt the published regulatory procedures in the identification, analysis, control, response and reporting of security and privacy breaches.
2. Utilize the known practice standards in security incident management and business continuity.
3. Plan and design the Security Operation Center to deliver and support the cyber security function of identification, protection, detection, response, recovery, investigation, and continuity.
4. Identify the competency requirements for the security incident response team.
5. Examine the value-stream and supply-chain of security and privacy solutions.
6. Compose the procurement plan for the technical measures of securing the cyber infrastructure and protecting the data privacy with appropriate methodology, services, and technology.

Learning Topics:

1. Security Management Function and Processes
2. Security Incident Categories and Controls
3. Security Incident Management Framework
4. Design, Acquire, Build, and Operate a Security Operation Center
5. Breach Identification, Control, Response, and Reporting Procedures in Compliance with NPC requirement
6. Security Incident Response Team Competency and Capability Model
7. Security Technologies Procurement Guidance



TRAINING FEE PER PERSON: P16,980 (Fee covers Meals, Resource Kit, Certificate of Attendance)


Less 5% for early registrants (on registrations made on or before July 4, 2020)
Less 5% for early payment (if made on or before July 24, 2020)
Less 5% for group registration (minimum of 3 participants)
