Which agency is in charge of protection of personal data in Vietnam? What are the rules for protection of personal data in Vietnam?
Which agency is in charge of protection of personal data in Vietnam?
Pursuant to Article 29 of Decree No. 13/2023/ND-CP stipulating as follows:
Personal data protection authority and National Portal on personal data protection
1. The personal data protection authority is the Department of Cybersecurity and Hi-tech Crime Prevention under Ministry of Public Security that assists the Ministry of Public Security in performing state management of personal data protection.
2. National Portal on personal data protection:
a) Provide information on guidelines and policies of the Communist Party and the State's laws on protection of personal data;
b) Disseminate policies and laws on protection of personal data;
c) Update information and situation of protection of personal data;
d) Receive electronic information, documents and data about protection of personal data;
dd) Provide information on results of assessment of protection of personal data by relevant agencies, organizations and individuals;
e) Receive notification of violations against regulations on protection of personal data;
g) Issue warning and cooperate in warning about risks and acts that infringe personal data as prescribed by law.
h) Handle violations against regulations on protection of personal data as prescribed by law;
i) Perform other activities according to regulations of law on protection of personal data.
Thus, according to the above regulations, the personal data protection authority is the Department of Cybersecurity and Hi-tech Crime Prevention under Ministry of Public Security that assists the Ministry of Public Security in performing state management of personal data protection.
The personal data protection authority is responsible for assisting the Ministry of Public Security in performing state management of personal data protection.
Which agency is in charge of protection of personal data in Vietnam? What are the rules for protection of personal data in Vietnam?
How many measures are there to protect personal data?
Pursuant to Article 26 of Decree No. 13/2023/ND-CP stipulating as follows:
Personal data protection measures
1. Measures for protecting personal data shall be adopted from the beginning of and throughout the processing of personal data.
2. Measures for protecting personal data include:
a) Management measure adopted by an organization or individual related to processing of personal data;
b) Technical measure adopted by an organization or individual related to processing of personal data;
c) Measure adopted by a competent authority according to regulations in this Decree and relevant law;
d) Investigation and procedure measures adopted by a competent authority;
dd) Other measures as prescribed by law.
Thus, personal data is protected by the following five measures:
- Management measure;
- Technical measure;
- Measures adopted by a competent authority;
- Investigation and procedure measures;
- Other measures as prescribed by law.
What are the rules for protection of personal data in Vietnam?
Pursuant to the provisions of Article 3 of Decree No. 13/2023/ND-CP as follows:
Rules for protection of personal data
1. The personal data shall be processed as prescribed by law.
2. The data subject shall be entitled to receive information related to the processing of his/her personal data, unless otherwise provided for by law.
3. The personal data shall be processed for the purposes that have been registered and declared by the Personal Data Controller, the Personal Data Processor, the Personal Data Controller-cum-Processor and the Third Party.
4. The collected personal data shall be appropriate for the scope and purposes of processing. The purchase or sale of personal data shall be prohibited in any form, unless otherwise provided for by law.
5. The personal data shall be updated and added for the processing purposes.
6. The personal data shall be protected and secured throughout the processing. To be specific, the personal data shall be protected from violations against regulations on protection of personal data and prevention of loss, destruction or damage caused by incidents and use of technical measures.
7. The personal data shall be stored within a period of time that is appropriate for the processing purposes, unless otherwise provided for by law.
8. The Personal Data Controller and the Personal Data Controller-cum-Processor shall comply with the rules for data processing specified in Clauses 1 through 7 of this Article and prove their compliance.
Thus, according to regulations, personal data is protected according to the above 07 rules.
The Personal Data Controller and the Personal Data Controller-cum-Processor shall comply with the rules for data processing and prove their compliance.
Decree No. 13/2023/ND-CP takes effect from July 1, 2023.
LawNet