Description

Closed consultation on personal data protection draft decree

On 9 April 2021 the Vietnamese Ministry of Public Security closed the consultation for public comments on the second version of the personal data protection draft decree ('draft decree'). With this decree, Vietnam's government is aiming to establish a comprehensive regulation of data protection, introducing obligations to protect personal data of organizations and individuals. The draft decree defines in the first chapter the terms of "personal data" and "sensitive personal data" and stipulates the basic principles of personal data protection. Chapter two of the draft decree deals with the legal processing of data and outlines the rights of data subjects. Chapter three of the draft decree outlines the necessary protection measures for companies and persons processing data, such as for example requirements for technical measures, a registration of sensitive personal data processing, etc. Additionally, it is foreseen in the draft decree that a fine of up to VND 100 million or 5% of the total revenue of the personal data processor in Vietnam may be imposed in case of data breaches.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
legislature
Government Body
central government

Complete timeline of this policy change

Hide details
2021-02-09
in consultation

On 9 February 2021 the Vietnamese Ministry of Public Security opened the consultation for public co…

2021-04-09
processing consultation

On 9 April 2021 the Vietnamese Ministry of Public Security closed the consultation for public comme…

2023-04-17
adopted

On 17 April 2023, the Vietnamese Government published the Decree on Personal Data Protection, aimin…

2023-07-01
in force

On 1 July 2023, the Vietnamese Decree on Personal Data Protection entered into force. The Decree ai…

Key regulatory dimensions

Regulated subjects

The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type Any
Economic activity cross-cutting
Category All

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): data processing
Regulatory tool
Purpose/processing limitation
User notification requirement
User consent: Opt-in requirement
Sanctions
Fine
Regulated subjects
1
personal data (all forms): transfer: domestic
Regulatory tool
Sanctions
Fine
Regulated subjects
1
personal data (all forms): storage (any form)
Regulatory tool
User right to rectification of personal data
User right to access personal data
User right to deletion of personal data
Preventive security requirement
Data storage/retention obligation
Sanctions
Fine
Regulated subjects
1
personal data: biometric: storage (any form)
Regulatory tool
Risk or other impact assessment requirement
Regulator approval requirement
Data storage/retention obligation
Sanctions
Fine
Regulated subjects
1
personal data: health: storage (any form)
Regulatory tool
Risk or other impact assessment requirement
Regulator approval requirement
Data storage/retention obligation
Sanctions
Fine
Regulated subjects
1
personal data: genetic: storage (any form)
Regulatory tool
Risk or other impact assessment requirement
Regulator approval requirement
Data storage/retention obligation
Sanctions
Fine
Regulated subjects
1
personal data: gender: storage (any form)
Regulatory tool
Risk or other impact assessment requirement
Regulator approval requirement
Data storage/retention obligation
Sanctions
Fine
Regulated subjects
1
consumer data: location: storage (any form)
Regulatory tool
Risk or other impact assessment requirement
Regulator approval requirement
Data storage/retention obligation
Sanctions
Fine
Regulated subjects
1
personal data: sexual orientation: storage (any form)
Regulatory tool
Risk or other impact assessment requirement
Regulator approval requirement
Data storage/retention obligation
Sanctions
Fine
Regulated subjects
1
personal data: political orientation: storage (any form)
Regulatory tool
Risk or other impact assessment requirement
Regulator approval requirement
Data storage/retention obligation
Sanctions
Fine
Regulated subjects
1
personal data: religious beliefs: storage (any form)
Regulatory tool
Risk or other impact assessment requirement
Regulator approval requirement
Data storage/retention obligation
Sanctions
Fine
Regulated subjects
1
personal data: information pertaining to minors: data processing
Regulatory tool
Purpose/processing limitation
Sanctions
Fine
Regulated subjects
1

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.

personal data (all forms): data processing

personal data (all forms): transfer: domestic

personal data (all forms): storage (any form)

personal data: biometric: storage (any form)

personal data: health: storage (any form)

personal data: genetic: storage (any form)

personal data: gender: storage (any form)

consumer data: location: storage (any form)

personal data: sexual orientation: storage (any form)

personal data: political orientation: storage (any form)

personal data: religious beliefs: storage (any form)

personal data: information pertaining to minors: data processing

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.