On 1 January 2026, the Data Law (No. 2025/QH15), which includes data protection regulations, enters into force. The Data Law aims to enhance the protection of personal and non-personal data, establishing comprehensive guidelines for data processing activities,s including collection, storage, modification, sharing, and deletion. The law also outlines and defines data quality, which includes accuracy, validity, integrity, completeness, timely updates, and consistency. Data collection must be aligned with authorised purposes and avoid redundancy unless necessary for validation, quality improvement or legal compliance. Individuals and organisations are permitted to create data within legal boundaries and are responsible for its integrity. Data will be categorised by level of sharing (open, shared, private), sensitivity (core, important), or application area and stored in centralised, structured repositories for efficient use at all levels of government. While certain datasets must be made publicly available, exceptions are made for data classified as private, confidential or sensitive to national security or personal privacy. Access rights must be strictly defined to ensure that only authorised entities can access or modify data, with principles of fairness, transparency and necessity guiding access. The law provides guidelines for the secure deletion, retrieval and irreversible destruction of data to prevent unauthorised recovery.
Original source