A Web-Based Data P rivacy Compliance Management System Centered on the Data Privacy Act of 2012 For Business Process Outsourcing Companies

The Philippines serves as a leading destination for business process outsourcing (BPO), and as it ensures its position as a top BPO outsourcing destination, compliance with the Data Privacy Act of 2012 is a must. However, data privacy compliance is never easy; factors such as awareness, budget, and time constraints hamper organizations' compliance. Since manual reviews and internal audits of data privacy compliance activities are time-consuming, resource-intensive, and lack coverage, some BPO companies have chosen to use information systems to address the issues. Nevertheless, there is evidence that organizations are struggling to find the appropriate tools and guidance on compliance management systems (CMS). The researcher developed a standardized web-based CMS to address the issues mentioned. A mixed-method exploratory design was utilized for data collection and analysis. An interview was conducted with 3 DPOs from 3 BPOs to determine the beneficial and lacking features of current systems. The same participants with 60 other employees from the 3 BPOs, validated and verified the developed system and compared its efficiency and effectiveness with the existing systems. It was concluded that the existing CMS the participants used has missing features that could help in their day-to-day tasks, difficult to navigate, not user-friendly, and too broad and general. The results revealed that the respondents rated the Web-based Data Privacy Compliance Management System better than the existing system in terms of effectiveness and efficiency. The developed system was also validated and verified based on the initial scope of the system. To further help with the organization’s compliance, an expansion to target participants aside from BPO, incorporating GDPR, CCPRA, and other privacy laws, and integrating good practices such as IAPP can be considered.