Since the assets are being transferred, so are usually the customers datasets which are administrated in databases. The new European General Data Protection Regulation (GDPR) clarifies how customer data has to be handled during an asset deal. This problem doesn’t arise during a share deal since the databases stay in the same company.
Pursuant to the Data Privacy Act of 2012, covered Personal Information Controllers (PICs) and Personal Information Processors (PIPs) complied with Phase I registration with the National Privacy Commission (NPC) by 8 September 2017 or within 2 months from commencement of their data processing systems. Registration of the PICs or PIPs under Phase I was accomplished through the designated Data Protection Officer (“DPO”).
The National Assembly did not include the proposal of the new Personal Data Protectionin the agenda of its next extraordinary session. This means that the controllers andprocessors will have to comply with the requirements of the General Data ProtectionRegulation no later than 25 May 2018, because there will be no promised adaptationperiod.