Data Protection & Total Quality Management Officer

Duties & Responsibilities


  • Monitors the hospital's compliance with the Data Privacy Act, implementing rules and regulations, and issuance by the National Privacy Commission and other applicable laws and policies.
  • Plans, coordinates, and implements the quality management and quality improvement programs for the hospital.
  • Monitors and provides assistance with quality assurance and compliance functions.
  • Support and conduct internal/external audits and management of audit results and follow ups.
  • Quality system documentation reviews are coordinated and system reporting conducted as required with all operating improvement actions managed
  • Collects and maintains records and information to identify the processing operations, activities, measures, projects, programs, or systems.
  • Analyzes and checks the compliance of processing activities, including the issuance of security clearances to and compliance by third-party service providers.
  • Ensures the renewal of all necessary accreditation or certifications to maintain the required standards in personal data processing.
  • Advice necessity of executing a Data Sharing Agreement with third parties, and ensure its compliance with the law.
  • Ensures the conduct of Privacy Impact Assessments relative to activities, measures, projects, programs, or systems.
  • Documents complaints and/or the exercise by data subjects of their rights (e.g., requests for information, clarifications, rectification or deletion of personal data).
  • Ensure proper data breach and security incident management, including the latter’s preparation and submission to the NPC of reports and other documentation concerning security incidents or data breaches within the prescribed period.
  • Inform and cultivate awareness on privacy and data protection within the organization, including all relevant laws, rules and regulations of the NPC.
  • Advocate for the development, review and/or revision of policies, guidelines, projects and/or programs of the relating to privacy and data protection, by adopting a privacy by design approach.
  • Serve as the contact person regarding data subjects, the NPC and other authorities in all matters concerning data privacy or security issues or concerns.
  • Cooperate, coordinate and seek advice of the NPC regarding matters concerning data privacy and security.
  • Perform other duties and tasks that may be assigned that will further the interest of data privacy and security and uphold the rights of the data subjects.




  • Bachelors Degree of Industrial Engineering, Business Administration or related courses.
  • Preferably with experience in Data Privacy or Risk Management, Compliance and Audit, Process Governance and Quality Management, Framework Adoption, Business Operations and Execution, Policy and Process Design and Development, Project/Program Management
  • Knowledge of Philippine and Global Data Privacy Laws and Information Security Methodologies is an advantage