Vietnam’s Decree No. 13/2023/ND on the Protection of Personal Data
Operationalize personal data protection compliance with the most comprehensive PrivacyOps platform
Privacy Center
Fully Functional In Minutes
Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.
Email already in use
Looks like this email is already registered with an existing account.
Unexpected error occurred
Looks like there was an error completing your request, Please contact us here for further support.
Please do not close this window while we process your request
On February 7, 2023, Resolution No. 13/NQ-CP was issued to approve the 2nd draft Personal Data Protection Decree (Decree), which was passed in March 2022. The Committee for Defense and Security reviewed the submitted draft on February 8, 2023, while also considering the opinion of its delegates before submitting it back to the Standing Committee. On April 17th, 2023, the Decree was finally published and will be effective from 1st July 2023.
The Decree brings several changes, such as introducing various exemptions related to the data subjects’ consent for personal data processing.
Additionally, the Decree imposes disciplinary actions and administrative fines for any violations of the provisions of the Decree. Such penalties will be laid down in detail in regulations to be issued under the Decree.
In essence, the Decree aims to implement “privacy by design”, requiring all organizations involved in data processing to adopt appropriate data privacy and security measures within the core of their operations.
The Solution
Securiti promises thorough compliance with Vietnam’s 2nd Draft Decree on Personal Data Protection thanks to its PI data discovery, DSR automation, documented accountability, and AI-process automation features.
Its data solutions and a plethora of similar solutions, backed up by state-of-the-art artificial intelligence and machine-learning-based algorithms, make Securiti an ideal option for organizations that want to achieve effective and efficient compliance with the relevant regulatory requirements in Vietnam.
Request a demo today to learn how Securiti can aid you and your organization's compliance efforts.
Assess Readiness
Articles: 1, 3, Ch II
Automate the timely internal assessments of all data collection and processing-related activities, mechanisms, and processes to ensure they remain compliant with the regulations. Appropriate changes can be implemented proactively to address any blind spots adequately.
Secure Fulfillment of Data Access & Porting Requests
Articles: 9(1), 9(3), 9(7), 14
Automate the entire process of fulfilling consumer data access requests and obtain a portable copy of their personal data. Helps to gain real-time updates on the status of each request via the central dashboard.
Automate Processing of Rectification & Update Requests & Ensure Accuracy
Articles: 15
Automated data subject verification and rectification workflows enable smooth and efficient fulfillment of data rectification requests for all instances of a subject's personal data.
Automate Erasure / Destruction / Anonymization Requests
Articles: 16, 20(3)(a)
Reliably meet erasure requests using adaptable, automated, and customizable workflows.
Automate Restriction and Objection to Processing Requests
Article: 9(6), 9(8)
Automate the process behind responding to all objections and subsequent termination of data processing requests and simultaneously monitor their real-time updates via the central dashboard.
Monitor & Track Consent
Articles: 9(2), 9(4), 11, 12, 17, 20(3)(b)
Ensure absolute compliance with the appropriate regulatory requirements via deep insights into all users' consent statuses via the central dashboard. This allows for any potential processing or transfer of data to occur only per the relevant consent requirements.
Map Data Flows & Generate RoPA Reports
Article: 25
Track data flows in and out of your organization's data infrastructure, trace this data, and catalog, transfer, and document business process flows internally and to service providers or third parties. These insights can then be used to automate the generation of a record of processing activities (RoPA) to comply with all necessary documentation-related regulatory requirements.
Automate DPIAs & Risk Assessments
Article: 24
Automate the execution of a data protection impact assessment (DPIA) to ensure it is conducted at regular intervals, giving you ample time, data, and insights to take appropriate actions if necessary.
Automate Data Breach Response Notifications
Article: 23
Automate data breach response notifications to all concerned stakeholders as soon as legally obliged by leveraging a knowledge database on security incident diagnosis and response.
Privacy Policy & Notice Management
Articles: 13, 18
Automate the generation of a privacy policy that adequately informs the users about your organization's data processing practices while fully complying with all applicable law provisions.
Manage Vendor Risk
Article: 41
Keep track of privacy and security readiness for all your service providers and processors from a centralized dashboard. Collaborate with vendors, automate data requests, and manage all vendor contracts and compliance documents from a consolidated platform.
Automate Data Security Controls
Articles: 26, 27, 28
Leverage several data security-oriented products and modules, such as access controls and identity management, to instill appropriate controls to ensure all data with your organization's data infrastructure is always adequately protected.
Key Facts About Vietnam's Decree
Here are some critical facts to know about Vietnam’s 2nd draft Decree on Personal Data Protection:
The regulatory authority is the Department of Cyber Security and Hi-Tech Crime Prevention of the Ministry of Public Security;
In case of processing of personal data of a child 7 years or older, consent must be obtained from both the child as well as the parent/guardian;
The Decree approves five cases of data processing without data subject consent: (1) to protect the life and health of data subjects or others in cases of emergency; (2) public disclosure of personal data under legal requirements; (3) processing done by relevant regulatory agencies for specific purposes such as investigations etc.; (4) to fulfill contractual obligations of the data subject with relevant agencies etc.; (5) processing done by relevant state agencies during emergencies such as prevention of violence, terrorism, etc;
Organizations are required to conduct an impact assessment before transferring any personal data outside of Vietnam. The importing and exporting parties are also required to have a contractual agreement in place that outlines the responsibilities of each party with respect to data transfers;
The regulatory authority must be informed of any violations under the Decree within 72 hours after the violation occurs. This notification should be in the prescribed form no. 3 of the appendix of the Decree.
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
Copyright © 2023 Securiti · Sitemap · XML Sitemap
Newsletter
Resources
Get in touch
[email protected]
300 Santana Row Suite 450. San Jose,
CA 95128
