Vietnam: Law on Personal Data Protection including cybersecurity regulation was introduced to National Assembly of Vietnam

On 5 May 2025, the Law on Personal Data Protection was introduced to the National Assembly of Vietnam. The Law requires organisations to implement suitable technical and organisational measures to safeguard personal data against unauthorised access, disclosure or misuse. This encompasses the establishment of a dedicated data protection officer or department to provide oversight, although small and medium-sized enterprises and startups may be temporarily exempt. In the event of a personal data breach, the relevant authorities and data subjects must be informed. The notification must include a detailed account of the nature of the breach, its consequences, and the measures taken to mitigate its impact. It is required that organisations conduct regular risk assessments and audits to ensure ongoing compliance with data protection Law.