IDC Names Securiti a Worldwide Leader in Data Privacy


Vietnam’s Protection of Personal Data

Operationalize personal data protection compliance with the most comprehensive PrivacyOps platform

Last Updated on November 7, 2023

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


On April 17th, 2023, Vietnam’s Personal Data Protection Decree (Decree) was finally published by the Vietnamese Government and will be effective from 1st July 2023.

The Decree brings several changes, such as introducing various exemptions related to the data subjects’ consent for personal data processing.

Additionally, the Decree imposes disciplinary actions and administrative fines for any violations of the provisions of the Decree. Such penalties will be laid down in detail in regulations to be issued under the Decree.

In essence, the Decree aims to implement “privacy by design”, requiring all organizations involved in data processing to adopt appropriate data privacy and security measures within the core of their operations.

The Solution

Securiti promises thorough compliance with Vietnam’s Decree on Personal Data Protection thanks to its PI data discovery, DSR automation, documented accountability, and AI-process automation features.

Its data solutions and a plethora of similar solutions, backed up by state-of-the-art artificial intelligence and machine-learning-based algorithms, make Securiti an ideal option for organizations that want to achieve effective and efficient compliance with the relevant regulatory requirements in Vietnam.


Vietnam Protection of Personal Data Regulation Solution

Request a demo today to learn how Securiti can aid you and your organization's compliance efforts.

Assess Readiness

Articles: 1, 3, Ch II

Automate the timely internal assessments of all data collection and processing-related activities, mechanisms, and processes to ensure they remain compliant with the regulations. Appropriate changes can be implemented proactively to address any blind spots adequately.

Vietnam Personal Data Protection Readiness Assessment
dsr requests

Secure Fulfillment of Data Access & Porting Requests

Articles: 9(1), 9(3), 9(7), 14

Automate the entire process of fulfilling consumer data access requests and obtain a portable copy of their personal data. Helps to gain real-time updates on the status of each request via the central dashboard.

Automate Processing of Rectification & Update Requests & Ensure Accuracy

Articles: 15

Automated data subject verification and rectification workflows enable smooth and efficient fulfillment of data rectification requests for all instances of a subject's personal data.

data rectify request
data erasure request

Automate Erasure / Destruction / Anonymization Requests

Articles: 16, 20(3)(a)

Reliably meet erasure requests using adaptable, automated, and customizable workflows.

Automate Restriction and Objection to Processing Requests

Article: 9(6), 9(8)

Automate the process behind responding to all objections and subsequent termination of data processing requests and simultaneously monitor their real-time updates via the central dashboard.

Vietnam’s 2nd Draft Personal Data Protection Decree (PDPD)
personal data monitoring tracking

Monitor & Track Consent

Articles: 9(2), 9(4), 11, 12, 17, 20(3)(b)

Ensure absolute compliance with the appropriate regulatory requirements via deep insights into all users' consent statuses via the central dashboard. This allows for any potential processing or transfer of data to occur only per the relevant consent requirements.

Map Data Flows & Generate RoPA Reports

Article: 25

Track data flows in and out of your organization's data infrastructure, trace this data, and catalog, transfer, and document business process flows internally and to service providers or third parties. These insights can then be used to automate the generation of a record of processing activities (RoPA) to comply with all necessary documentation-related regulatory requirements.

Data Flow Mapping Vietnam PDPL
Risk Assessments Automation

Automate DPIAs & Risk Assessments

Article: 24

Automate the execution of a data protection impact assessment (DPIA) to ensure it is conducted at regular intervals, giving you ample time, data, and insights to take appropriate actions if necessary.

Automate Data Breach Response Notifications

Article: 23

Automate data breach response notifications to all concerned stakeholders as soon as legally obliged by leveraging a knowledge database on security incident diagnosis and response.

breach response notification
Privacy Policy Creation And Management

Privacy Policy & Notice Management

Articles: 13, 18

Automate the generation of a privacy policy that adequately informs the users about your organization's data processing practices while fully complying with all applicable law provisions.

Manage Vendor Risk

Article: 41

Keep track of privacy and security readiness for all your service providers and processors from a centralized dashboard. Collaborate with vendors, automate data requests, and manage all vendor contracts and compliance documents from a consolidated platform.

manage vendor risk
Data Security Controls

Automate Data Security Controls

Articles: 26, 27, 28

Leverage several data security-oriented products and modules, such as access controls and identity management, to instill appropriate controls to ensure all data with your organization's data infrastructure is always adequately protected.

Key Facts About Vietnam's Decree

Here are some critical facts to know about Vietnam’s Decree on Personal Data Protection:


The regulatory authority is the Department of Cyber Security and Hi-Tech Crime Prevention of the Ministry of Public Security;


In case of processing of personal data of a child 7 years or older, consent must be obtained from both the child as well as the parent/guardian;


The Decree approves five cases of data processing without data subject consent: (1) to protect the life and health of data subjects or others in cases of emergency; (2) public disclosure of personal data under legal requirements; (3) processing done by relevant regulatory agencies for specific purposes such as investigations etc.; (4) to fulfill contractual obligations of the data subject with relevant agencies etc.; (5) processing done by relevant state agencies during emergencies such as prevention of violence, terrorism, etc;


Organizations are required to conduct an impact assessment before transferring any personal data outside of Vietnam. The importing and exporting parties are also required to have a contractual agreement in place that outlines the responsibilities of each party with respect to data transfers;


The regulatory authority must be informed of any violations under the Decree within 72 hours after the violation occurs. This notification should be in the prescribed form no. 3 of the appendix of the Decree.

Forrester Names Securiti a Leader in the Privacy Management Wave Q4, 2021

Read the Report
Forrester Wave

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report
IDC MarketScape

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.


Gartner Cool Vendor Award Forrester Badge IAPP Innovation award 2020 IDC Worldwide Leader RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend