Vietnam: Implementing Regulations of Law on Personal Data Protection including data protection authority governance entered into force

On 1 January 2026, the Implementing Regulations of the Law on Personal Data Protection including data protection authority governance entered into force. The Implementing Regulations further specify the regulatory requirements established by the framework of the Law on Personal Data Protection. Article 31 set out the procedures for monitoring activities by authorities, including through both scheduled and unannounced inspections. Articles 32 and 33 outline the state's role in promoting research into protection technologies, setting standards, guiding implementation, building capacity, and enforcement. The varying functions of different government ministries are also set out in the Implementing Regulations. Article 34 assigns the Ministry of Public Security as the primary authority for unified state management, legal drafting and enforcement, while Article 35 tasks the Ministry of National Defence with coordinating the protection of personal data, applying advanced technologies for defence purposes, and enforcing the law within its jurisdiction. Further, the Ministry of Science and Technology (Article 36) must collaborate on developing technical standards and innovative protection solutions. Article 37 obligates all other ministries and government agencies to implement, fund, and enforce data protection rules within their respective sectors, while Article 38 delegates similar implementation, funding, training, and reporting duties to provincial and municipal People's Committees at the local level. Finally, the Implementing Regulations provide for a specialised agency for personal data protection, operating under the Ministry of Public Security, and the creation of a national portal for public information and feedback.