DivinaLaw Partner Atty. Jay-r C. Ipac recently shared the implications of global privacy regulations on Philippine businesses during the 6th Data Privacy and Cybersecurity Professionals Summit held in Pasay from March 27 to March 28, 2025.
Speaking on cross-border data transfers, Atty. Ipac said “[In the European Union] Transfers to other countries [like the Philippines] must be based on number 1, adequacy decision (which means that there is a determination by the EU that the particular country to whom the personal information will be transferred adequately meets the standards of the GDPR (EU’s General Data Protection Regulation).”
“Number 2, if you do not meet the adequacy decision of the GDPR, the controller or processor to whom you are sharing personal information must have provided appropriate safeguards. One of the appropriate safeguards would be the standard contractual clauses of the EU.”
“The ASEAN model contractual clauses will apply to inter-ASEAN transfers. Whereas where the GDPR directly applies to the transferee, it is the GDPR and not the [EU] standard contract clauses that will apply.”
Aside from discussing the GDPR and the country’s Data Privacy Act, Atty. Ipac also shared learnings from local and international cases emphasizing the importance of legal and factual due diligence.
Atty. Ipac is a member of the International Association of Privacy Professionals and part of DivinaLaw’s Data Privacy team.
