On 1 July 2023, the Vietnamese Decree on Personal Data Protection entered into force. The Decree aims to establish a comprehensive data protection regulation. In particular, Chapter 1 of the Decree provides definitions such as "personal data" and "sensitive personal data" and sets out the basic principles of personal data protection. Chapter 2 outlines the rights of data subjects, including the right to information, right to consent, right of access, right to consent withdrawal, right to deletion, right to restrict data processing, right to provide data, right to object to data processing, right to complain, right to claim damages and right to defence. Further, Chapter 2 regulates the obligations of data controllers, legal protection of data, lawful processing of data, data protection impact assessment, cross-border transfer of data, and measures to protect personal information, including sensitive data. Chapter 3 outlines the obligations of government agencies, data controllers, data processors, third parties, and other organisations and individuals.
Original source