IDC Names Securiti a Worldwide Leader in Data Privacy


Vietnam’s Law on Cyberinformation Security, Law No. 86/2015/QH13

Operationalize compliance with the most comprehensive PrivacyOps platform

Last Updated on November 7, 2023

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


Vietnam’s Law on Cyberinformation Security, Law No. 86/2015/QH13, was enacted in 2015. The law applies to all activities related to the protection of national security and information security in cyberspace within Vietnam. The law consists of seven chapters and 58 articles covering various aspects of cybersecurity, including the protection of critical information infrastructure, data protection, and the prevention of cybercrime.

The law deals with network information security activities, rights, and responsibilities of individuals, organizations, and agencies in securing network information. It covers civil cryptography, technical standards, and norms for network information security, information security business, human development for network information security, and state management of network information security.

The law also focuses on data protection and privacy, imposing obligations on organizations to ensure the security and confidentiality of personal information and other data. It also imposes penalties for cybercrime offenses, including hacking, spreading malware, and cyberterrorism.

The law establishes the legal framework for information security management, requiring organizations to establish information security policies and procedures and to implement measures to protect their information systems and networks. The law also deals with international cooperation and exchange in the field of cybersecurity, promoting cooperation among countries to prevent and combat cyber threats.

The Solution

Securiti enables organizations to comply with Vietnam’s Law on Cyberinformation Security, Law No. 86/2015/QH13, through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Securiti supports enterprises in their journey toward compliance with Vietnam’s Law on Cyberinformation Security, Law No. 86/2015/QH13, through automation, enhanced data visibility, and identity linking.

Vietnam’s Law compliance Solution

Request a demo today to learn how Securiti can aid you and your organization's compliance efforts.

Assess Personal Information Protection Act Readiness

Articles: 16, 17

With the help of Securiti’s multi-regulation, collaborative, readiness, and privacy impact assessment system, you can measure your organization's posture against Law on Cyberinformation Security, Law No. 86/2015/QH13, identify the gaps and address the risks.

Vietnam Readiness Assessment
data access request

Secure Fulfillment of Data Subjects' Rights Requests

Articles: 17(3) + 18

DSR automation allows data subjects to request access, updating, alteration, or deletion of their personal information collected or stored by organizations and individuals handling their personal data. Securiti’s Data Subject Access Requests automation also enables organizations to create customized data subject rights request forms embedded in websites, verify identities, and aggregate requests into a fulfillment automation workbench.

Universal Consent Management

Article: 10(2)

Allows individuals and organizations to capture consent from data subjects when sending them commercial information and fulfills consent revocation when data subjects refuse to receive such information.

Universal Consent Management
Vietnams Law Regulation Cookie Consent Compliance

Monitor and Track Consent

Article: 17(1)

Enables capturing consent for the collection of personal data, using it for a secondary purpose, and disclosure or sharing it with third parties and automating in a simplified and automatic manner. Securiti's Consent Management Platform enables organizations to obtain end-users' consent for data access, retrieval, and advertising purposes.

Data Mapping

Articles: 9 + 16 + 17

Allows organizations and individuals to classify information in possession by its sensitivity level, confidentiality and information security level. Securiti’s Data Mapping automation harnesses data discovery to keep asset and processing records up-to-date, initiate privacy impact assessments (PIAs), generate a record of processing activities (RoPA) reports, and assess risk associated with their data life cycle.

Data Mapping
breach response notification

Automate Data Breach Response Notifications

Article: 13

Automates response to network information security incidents in a timely, speedy, accurate and effective manner. Automate compliance actions and breach notifications to concerned stakeholders concerning security and data breach incidents by leveraging a knowledge database on security and data breach incident diagnosis and response. Issue timely notification of eligible data breaches to the regulatory authority, and individuals, the information that is to be provided to the individuals, and circumstances when notification is to be made to the public.

Enable Appropriate Security Controls

Articles: 10(3)(d) + 11 + 18(2)(b) + 19 + 24

Data Security Posture Management enables you to create security posture policies as per the requirements of the applicable law and remediate security settings of data resources. This eventually helps you determine the security level and accordingly implement relevant technical and operational measures to protect personal data in the system network and continuous monitoring for the detection and prevention of malware.

Data Security Posture Management

Facts About Vietnam’s Law on Cyberinformation Security, Law No. 86/2015/QH13


The law was enacted by the National Assembly of Vietnam on November 19, 2015, and went into effect on July 1, 2016.


The law applies to all individuals, organizations, and agencies that use, manage, and operate in the cyberspace of Vietnam.


System owners are required to train managers and technicians in network information security. Security officers must be given appropriate working conditions and priority training in network information security skills.


Companies selling civil encryption products must obtain a business license for trading in cryptographic products or services listed and must meet the requirements set out in Article 31.


The law imposes obligations on Internet service-providing enterprises to take measures to manage, prevent, detect, and stop the spread of malware and handle it at the request of competent state agencies.


The law also establishes a cybersecurity monitoring and incident response system that is responsible for detecting, preventing, and handling cybersecurity incidents and attacks.


Violators of these regulations may face disciplinary, administrative, or penal action, and may be required to pay damages in accordance with the current laws of Vietnam.

Forrester Names Securiti a Leader in the Privacy Management Wave Q4, 2021

Read the Report
Forrester Wave

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report
IDC MarketScape

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.


Gartner Cool Vendor Award Forrester Badge IAPP Innovation award 2020 IDC Worldwide Leader RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend