On 17 March 2025, the Ministry of Public Security closes its consultation on a Draft Decree to implement the Data Law (No. 2025/QH15). The Data Law, adopted on 30 November 2024, establishes a legal framework for data governance, covering data classification, protection, processing and cross-border transfers. This implementing regulation delineates specific compliance measures, including data protection authority governance. The Ministry of Public Security would serve as the primary regulatory body for data protection enforcement and compliance monitoring, working in conjunction with the Ministry of Information and Communications and other relevant agencies. The scope of its oversight would extend to the National Data Centre, with the implementation of cybersecurity protocols, conducting audits, and investigating breaches. The Decree bestows upon the Ministry of National Defense authority over national security-related data, with specialised roles for agencies such as the Government Cipher Committee, which would oversee encryption protocols. Ministries, provincial governments, and public agencies would be required to coordinate data governance efforts, ensuring compliance with national policies and integrating local data management frameworks with the National Data Centre.
Original source