Securiti announces a $75M Series C Funding Round


Vietnam’s Decree No. 13/2023/ND on the Protection of Personal Data

Operationalize personal data protection compliance with the most comprehensive PrivacyOps platform

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


On February 7, 2023, Resolution No. 13/NQ-CP was issued to approve the 2nd draft Personal Data Protection Decree (Decree), which was passed in March 2022. The Committee for Defense and Security reviewed the submitted draft on February 8, 2023, while also considering the opinion of its delegates before submitting it back to the Standing Committee. On April 17th, 2023, the Decree was finally published and will be effective from 1st July 2023.

The Decree brings several changes, such as introducing various exemptions related to the data subjects’ consent for personal data processing.

Additionally, the Decree imposes disciplinary actions and administrative fines for any violations of the provisions of the Decree. Such penalties will be laid down in detail in regulations to be issued under the Decree.

In essence, the Decree aims to implement “privacy by design”, requiring all organizations involved in data processing to adopt appropriate data privacy and security measures within the core of their operations.

The Solution

Securiti promises thorough compliance with Vietnam’s 2nd Draft Decree on Personal Data Protection thanks to its PI data discovery, DSR automation, documented accountability, and AI-process automation features.

Its data solutions and a plethora of similar solutions, backed up by state-of-the-art artificial intelligence and machine-learning-based algorithms, make Securiti an ideal option for organizations that want to achieve effective and efficient compliance with the relevant regulatory requirements in Vietnam.


US California CCPA

Request a demo today to learn how Securiti can aid you and your organization's compliance efforts.

Assess Readiness

Articles: 1, 3, Ch II

Automate the timely internal assessments of all data collection and processing-related activities, mechanisms, and processes to ensure they remain compliant with the regulations. Appropriate changes can be implemented proactively to address any blind spots adequately.

dsr requests

Secure Fulfillment of Data Access & Porting Requests

Articles: 9(1), 9(3), 9(7), 14

Automate the entire process of fulfilling consumer data access requests and obtain a portable copy of their personal data. Helps to gain real-time updates on the status of each request via the central dashboard.

Automate Processing of Rectification & Update Requests & Ensure Accuracy

Articles: 15

Automated data subject verification and rectification workflows enable smooth and efficient fulfillment of data rectification requests for all instances of a subject's personal data.

data rectify request
data erasure request

Automate Erasure / Destruction / Anonymization Requests

Articles: 16, 20(3)(a)

Reliably meet erasure requests using adaptable, automated, and customizable workflows.

Automate Restriction and Objection to Processing Requests

Article: 9(6), 9(8)

Automate the process behind responding to all objections and subsequent termination of data processing requests and simultaneously monitor their real-time updates via the central dashboard.

Vietnam’s 2nd Draft Personal Data Protection Decree (PDPD)
personal data monitoring tracking

Monitor & Track Consent

Articles: 9(2), 9(4), 11, 12, 17, 20(3)(b)

Ensure absolute compliance with the appropriate regulatory requirements via deep insights into all users' consent statuses via the central dashboard. This allows for any potential processing or transfer of data to occur only per the relevant consent requirements.

Map Data Flows & Generate RoPA Reports

Article: 25

Track data flows in and out of your organization's data infrastructure, trace this data, and catalog, transfer, and document business process flows internally and to service providers or third parties. These insights can then be used to automate the generation of a record of processing activities (RoPA) to comply with all necessary documentation-related regulatory requirements.

Risk Assessments

Automate DPIAs & Risk Assessments

Article: 24

Automate the execution of a data protection impact assessment (DPIA) to ensure it is conducted at regular intervals, giving you ample time, data, and insights to take appropriate actions if necessary.

Automate Data Breach Response Notifications

Article: 23

Automate data breach response notifications to all concerned stakeholders as soon as legally obliged by leveraging a knowledge database on security incident diagnosis and response.

breach response notification

Privacy Policy & Notice Management

Articles: 13, 18

Automate the generation of a privacy policy that adequately informs the users about your organization's data processing practices while fully complying with all applicable law provisions.

Manage Vendor Risk

Article: 41

Keep track of privacy and security readiness for all your service providers and processors from a centralized dashboard. Collaborate with vendors, automate data requests, and manage all vendor contracts and compliance documents from a consolidated platform.

manage vendor risk

Automate Data Security Controls

Articles: 26, 27, 28

Leverage several data security-oriented products and modules, such as access controls and identity management, to instill appropriate controls to ensure all data with your organization's data infrastructure is always adequately protected.

Key Facts About Vietnam's Decree

Here are some critical facts to know about Vietnam’s 2nd draft Decree on Personal Data Protection:


The regulatory authority is the Department of Cyber Security and Hi-Tech Crime Prevention of the Ministry of Public Security;


In case of processing of personal data of a child 7 years or older, consent must be obtained from both the child as well as the parent/guardian;


The Decree approves five cases of data processing without data subject consent: (1) to protect the life and health of data subjects or others in cases of emergency; (2) public disclosure of personal data under legal requirements; (3) processing done by relevant regulatory agencies for specific purposes such as investigations etc.; (4) to fulfill contractual obligations of the data subject with relevant agencies etc.; (5) processing done by relevant state agencies during emergencies such as prevention of violence, terrorism, etc;


Organizations are required to conduct an impact assessment before transferring any personal data outside of Vietnam. The importing and exporting parties are also required to have a contractual agreement in place that outlines the responsibilities of each party with respect to data transfers;


The regulatory authority must be informed of any violations under the Decree within 72 hours after the violation occurs. This notification should be in the prescribed form no. 3 of the appendix of the Decree.

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.


G2vEase Of Doing Business With G2 Highest User Adoption Adoption G2 Leader Enterprise Leader G2 leader G2 Momentum Leader G2 Users Most Likely To Recommend RSAC Leader Forrester Badge Snowflake Partner Badge IAPP Innovation award 2020 Gartner Cool Vendor Award Sinet Innovator Award