Here in the Philippines, a misconception about the Data Protection Act 2012 (DPA) is the idea that it discourages – or, worse, data sharing. Data sharing can be a reciprocal exchange between two organizations: X shares or allows access to a data set in exchange for the phrase shared by Y. Several organizations may also choose to share their information and make it available to other parties or both. This is not always normal. From time to time, there may also be one-time disclosures between two or more institutions. The exchange of data for commercial purposes must be covered by a data exchange agreement that creates adequate safeguards for data protection and the security of the persons concerned, in order to preserve the rights of the persons concerned. Destocking or subcontracting agreements must include defining the purpose and duration of processing, the nature and purpose of the processing, the nature of the personal data and the categories of persons involved, the obligations and rights of the personal data processor, and the geographical location of the processing under the outsourcing agreement. Agreements between LESP and PIP can take the form of data exchange, outsourcing or subcontracting agreements. As a general rule, outsourcing or subcontracting does not require the consent of the person concerned, but the execution of an outsourcing or subcontract. In an outsourcing or subcontract, the ICP uses contractual or other appropriate means to ensure that there are appropriate safeguards in place to ensure the confidentiality, integrity and availability of personal data processed, to prevent its use for unauthorized purposes and, in general, to meet the requirements of the law, the FOU, other laws applicable to the processing of personal data and other issues. IPCs and PIPs record their data processing systems, defined as structures and procedures where that personal data is collected and processed later in a relevant information and communication system or archiving system, in the following cases: The following conditions determine the date on which any breach of personal data should be notified. data transfers to third parties, including transfers to a subsidiary or parent company. , the consent of the person concerned and, as explained in Section 8, the implementation of a data-sharing agreement or the use of a contract or other appropriate means to provide a comparable level of protection, while personal data is processed by third parties.