2023 protection of personal data in Vietnam
On April 17, 2023, the Vietnamese government issued Decree No. 13/2023/ND-CP (referred to as “Decree No. 13”) regarding the protection of personal data, which officially came into effect on July 1. The measures and conditions for safeguarding personal data are as follows:
Measures for Protecting Personal Data:
- Organizational and individual measures related to the management of personal data processing.
- Technical measures adopted by organizations and individuals in relation to personal data processing.
- Measures taken by competent state authorities in accordance with this decree and relevant laws.
- Investigation and procedural measures taken by competent state authorities.
- Other measures as stipulated by law.
The protection of personal data essentially involves the application of the aforementioned personal data measures. The establishment and issuance of regulations on personal data protection, specifying measures to be taken as prescribed by this decree. Encouraging the adoption of personal data protection standards suitable for various fields, industries, and activities involving personal data processing. Before processing, irreversibly deleting, or destroying devices containing personal data, the network security of the personal data processing systems, methods, and equipment should be inspected.
Protection of Sensitive Personal Data:
Protection of sensitive personal data entails applying the basic personal data protection measures; designating departments with responsibilities for personal data protection, appointing personal data protection officers, and exchanging information with specialized institutions responsible for personal data protection. If personal data controllers, personal data controllers and processors, data processors, or third parties are individuals, personal data exchange should be conducted; data subjects should be informed about the processing of sensitive personal data, with certain specific exceptions.
Institutions Committed to Personal Data Protection:The decree specifies that the competent authority for personal data protection is the Network Security and High-Tech Crime Prevention and Control Department under the Ministry of Public Security. This authority is responsible for assisting the Ministry of Public Security in carrying out national data management and security tasks and protecting personal data.
National Personal Data Protection Portal:
The portal provides information about the party’s policies, legal information, and policies on national personal data protection. It disseminates policies and laws related to personal data protection, updates on personal data protection, and receives information, records, and data related to personal data protection activities through cyberspace. The portal also receives reports of violations of personal data protection regulations, issues warnings and coordinates warnings related to personal data risks and violations, and takes lawful actions against violations of personal data protection. It engages in other activities as stipulated by the Personal Data Protection Law.
Source: Vietnam Government News