Vietnam: Adopted Decree implementing Law on Cybersecurity including data localisation requirement (Decree no. 53)

On 15 August 2022, the Government of Vietnam issued a decree Decree No. 53/2022/ND-CP requiring foreign enterprises, including social media organisations, telecommunication and e-commerce companies, and online payment intermediaries, to store their users' data locally. The data includes personal data that can identify a service user in Vietnam, data created by service users in Vietnam including credit card information, registered phone number, and data on the relationship of service users in Vietnam with whom the user interacts. The decree would come into force on 1 October 2022, and companies under the purview of the Decree will have 12 months to set up local data storage or representative office upon receipt of instructions from the Minister of Public Security and are required to store the data onshore for a minimum period of 24 months from the time the enterprise receives the data storage request.