Vietnam’s Protection of Personal Data

Operationalize personal data protection compliance with the most comprehensive PrivacyOps platform

Last Updated on مايو 12, 2023

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

See a demo
Schedule your demo today

On April 17th, 2023, Vietnam’s Personal Data Protection Decree (Decree) was finally published by the Vietnamese Government and will be effective from 1st July 2023.

The Decree brings several changes, such as introducing various exemptions related to the data subjects’ consent for personal data processing.

Additionally, the Decree imposes disciplinary actions and administrative fines for any violations of the provisions of the Decree. Such penalties will be laid down in detail in regulations to be issued under the Decree.

In essence, the Decree aims to implement “privacy by design”, requiring all organizations involved in data processing to adopt appropriate data privacy and security measures within the core of their operations.


The Solution

Securiti promises thorough compliance with Vietnam’s Decree on Personal Data Protection thanks to its PI data discovery, DSR automation, documented accountability, and AI-process automation features.

Its data solutions and a plethora of similar solutions, backed up by state-of-the-art artificial intelligence and machine-learning-based algorithms, make Securiti an ideal option for organizations that want to achieve effective and efficient compliance with the relevant regulatory requirements in Vietnam.

 

Vietnam Protection of Personal Data Regulation Solution

Request a demo today to learn how Securiti can aid you and your organization's compliance efforts.


Assess Readiness

Articles: 1, 3, Ch II

Automate the timely internal assessments of all data collection and processing-related activities, mechanisms, and processes to ensure they remain compliant with the regulations. Appropriate changes can be implemented proactively to address any blind spots adequately.

vietnam readiness assessment
vietnam pdp dsr request

Secure Fulfillment of Data Access & Porting Requests

Articles: 9(1), 9(3), 9(7), 14

Automate the entire process of fulfilling consumer data access requests and obtain a portable copy of their personal data. Helps to gain real-time updates on the status of each request via the central dashboard.

Automate Processing of Rectification & Update Requests & Ensure Accuracy

Article: 15

Automated data subject verification and rectification workflows enable smooth and efficient fulfillment of data rectification requests for all instances of a subject's personal data.

data rectify request
data erasure request

Automate Erasure / Destruction / Anonymization Requests

Articles: 16, 20(3)(a)

Reliably meet erasure requests using adaptable, automated, and customizable workflows.

Automate Restriction and Objection to Processing Requests

Article: 9(6), 9(8)

Automate the process behind responding to all objections and subsequent termination of data processing requests and simultaneously monitor their real-time updates via the central dashboard.

Vietnam personal data explorer
vietnam cookie tracking consent

Monitor & Track Consent

Articles: 9(2), 9(4), 11, 12, 17, 20(3)(b)

Ensure absolute compliance with the appropriate regulatory requirements via deep insights into all users' consent statuses via the central dashboard. This allows for any potential processing or transfer of data to occur only per the relevant consent requirements.

Map Data Flows & Generate RoPA Reports

Article: 25

Track data flows in and out of your organization's data infrastructure, trace this data, and catalog, transfer, and document business process flows internally and to service providers or third parties. These insights can then be used to automate the generation of a record of processing activities (RoPA) to comply with all necessary documentation-related regulatory requirements.

data mapping
vietnam dpia risk assessment

Automate DPIAs & Risk Assessments

Article: 24

Automate the execution of a data protection impact assessment (DPIA) to ensure it is conducted at regular intervals, giving you ample time, data, and insights to take appropriate actions if necessary.

Automate Data Breach Response Notifications

Article: 23

Automate data breach response notifications to all concerned stakeholders as soon as legally obliged by leveraging a knowledge database on security incident diagnosis and response.

data breach response notification
vietnam privacy policy notice management

Privacy Policy & Notice Management

Articles: 13, 18

Automate the generation of a privacy policy that adequately informs the users about your organization's data processing practices while fully complying with all applicable law provisions.

Manage Vendor Risk

Article: 41

Keep track of privacy and security readiness for all your service providers and processors from a centralized dashboard. Collaborate with vendors, automate data requests, and manage all vendor contracts and compliance documents from a consolidated platform.

vietnam pdp vendor risk management
vietnam pdp Data Security Controls

Automate Data Security Controls

Articles: 26, 27, 28

Leverage several data security-oriented products and modules, such as access controls and identity management, to instill appropriate controls to ensure all data with your organization's data infrastructure is always adequately protected.

Key Facts About Vietnam's Decree

Here are some critical facts to know about Vietnam’s Decree on Personal Data Protection:

1

The regulatory authority is the Department of Cyber Security and Hi-Tech Crime Prevention of the Ministry of Public Security;

2

In case of processing of personal data of a child 7 years or older, consent must be obtained from both the child as well as the parent/guardian;

3

The Decree approves five cases of data processing without data subject consent: (1) to protect the life and health of data subjects or others in cases of emergency; (2) public disclosure of personal data under legal requirements; (3) processing done by relevant regulatory agencies for specific purposes such as investigations etc.; (4) to fulfill contractual obligations of the data subject with relevant agencies etc.; (5) processing done by relevant state agencies during emergencies such as prevention of violence, terrorism, etc;

4

Organizations are required to conduct an impact assessment before transferring any personal data outside of Vietnam. The importing and exporting parties are also required to have a contractual agreement in place that outlines the responsibilities of each party with respect to data transfers;

5

The regulatory authority must be informed of any violations under the Decree within 72 hours after the violation occurs. This notification should be in the prescribed form no. 3 of the appendix of the Decree.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report

What's
New