Data Quality Assurance

Plain English Translation

Organizations must ensure that personal data held is accurate, relevant, and complete relative to the purpose of processing, and must keep it up to date where necessary. Inaccurate or incomplete records must be corrected, supplemented, or destroyed. Data subjects have the right to dispute errors and have the controller correct them promptly.

Executive Takeaway

Organizations must ensure that personal data is accurate, complete, relevant, and up-to-date, implementing immediate mechanisms to rectify or destroy inaccurate information.

ImpactHigh
ComplexityMedium

Why This Matters

  • Prevents adverse decisions from being made against data subjects based on outdated, inaccurate, or incomplete information.
  • Mitigates regulatory penalties under RA 10173 by actively adhering to the foundational principle of data quality.
  • Improves overall business efficiency and customer trust by maintaining a highly reliable and clean data inventory.

What “Good” Looks Like

  • Automated validation rules at all data intake points to prevent the entry of malformed or incomplete records.
  • A formal, documented procedure allowing data subjects to easily request corrections to their personal information, with tools like WatchDog Security's Policy Management supporting version control and acceptance tracking for the underlying procedure.
  • Periodic data quality audits that identify, quarantine, and rectify or destroy stale and inaccurate records; tools like WatchDog Security's Compliance Center can help organize audit evidence and surface gaps across mapped privacy controls.

Put Philippines DPA (2012) compliance + 19 others on autopilot

Starting at $99/admin/mo — includes all frameworks, evidence automation, and AI-powered gap analysis.

Start Free Trial No credit card required

RA 10173 requires that all processed personal data be accurate, relevant, complete, and kept up to date in relation to the specifically declared purpose of processing.

The data quality principle, detailed in Rule IV, Section 19(c), dictates that organizations must maintain accurate and relevant data, and must rectify or destroy inaccurate information.

Organizations should implement strict input validation, offer self-service profile management for data subjects, and conduct regular database audits to identify and refresh stale data.

The company must immediately rectify the data, supplement it to make it complete, restrict its further processing, or securely destroy the inaccurate records.

Yes, data subjects have a specific right to dispute inaccuracies, and organizations are legally obligated to correct the errors immediately and notify previous recipients.

Inaccurate or incomplete data must be destroyed or its processing restricted when it cannot be rectified or supplemented to meet the required quality standards for its intended purpose.

It ensures organizations do not make flawed decisions based on bad data, upholds the rights of data subjects, and directly satisfies the statutory principles of processing.

Organizations must document the procedures for receiving correction requests, verifying the data subject's identity, executing the update in the database, and notifying third-party processors.

The designated Data Protection Officer (DPO) and the personal information controller hold primary accountability for ensuring the organization's data quality processes are effective.

CISOs can audit data quality by reviewing input validation rules in system architectures, examining the Data Subject Request logs for correction requests, and testing data lifecycle automation scripts.

Data quality controls often fail because validation rules, correction logs, audit results, and destruction records are scattered across teams. Tools like WatchDog Security's Compliance Center can centralize control evidence, map it to RA 10173 requirements, and help teams identify gaps before an internal review or external assessment.

Procedures for correcting, supplementing, restricting, or destroying inaccurate data need clear ownership, version history, and employee acknowledgment. Tools like WatchDog Security's Policy Management can help maintain approved data quality policies, track acceptance, and preserve a record of updates over time.

PHILIPPINES-DPA Rule IV, Section 19(c)

"Processing should ensure data quality 1. Personal data should be accurate, relevant and complete with respect to the purpose of processing. 2. Personal data shall be kept up to date when necessary for the declared, specified and legitimate purpose. 3. Inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing restricted."

PHILIPPINES-DPA Rule VIII, Section 34(d)

"Right to correct. The data subject has the right to dispute the inaccuracy or error in the personal data and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable."

VersionDateAuthorDescription
1.0.02026-05-06Compliance Content SpecialistInitial publication