How many rules for protection of personal data in Vietnam are there? What are the personal data protection measures in Vietnam?
What are the personal data protection measures in Vietnam?
Pursuant to Article 26 of Decree No. 13/2023/ND-CP on the personal data protection measures as follows:
Personal data protection measures
1. Measures for protecting personal data shall be adopted from the beginning of and throughout the processing of personal data.
2. Measures for protecting personal data include:
a) Management measure adopted by an organization or individual related to processing of personal data;
b) Technical measure adopted by an organization or individual related to processing of personal data;
c) Measure adopted by a competent authority according to regulations in this Decree and relevant law;
d) Investigation and procedure measures adopted by a competent authority;
dd) Other measures as prescribed by law.
Thus, personal data is protected by the following five measures:
- Management measure;
- Technical measure;
- Measure adopted by a competent authority;
- Investigation and procedure measures;
- Other measures as prescribed by law.
How many rules for protection of personal data in Vietnam are there? What are the personal data protection measures in Vietnam?
How many rules for protection of personal data in Vietnam are there?
Pursuant to the provisions of Article 3 of Decree No. 13/2023/ND-CP as follows:
Rules for protection of personal data
1. The personal data shall be processed as prescribed by law.
2. The data subject shall be entitled to receive information related to the processing of his/her personal data, unless otherwise provided for by law.
3. The personal data shall be processed for the purposes that have been registered and declared by the Personal Data Controller, the Personal Data Processor, the Personal Data Controller-cum-Processor and the Third Party.
4. The collected personal data shall be appropriate for the scope and purposes of processing. The purchase or sale of personal data shall be prohibited in any form, unless otherwise provided for by law.
5. The personal data shall be updated and added for the processing purposes.
6. The personal data shall be protected and secured throughout the processing. To be specific, the personal data shall be protected from violations against regulations on protection of personal data and prevention of loss, destruction or damage caused by incidents and use of technical measures.
7. The personal data shall be stored within a period of time that is appropriate for the processing purposes, unless otherwise provided for by law.
8. The Personal Data Controller and the Personal Data Controller-cum-Processor shall comply with the rules for data processing specified in Clauses 1 through 7 of this Article and prove their compliance.
Thus, according to regulations, personal data is protected according to the above 07 rules.
The personal data shall be protected and secured throughout the processing. To be specific, the personal data shall be protected from violations against regulations on protection of personal data and prevention of loss, destruction or damage caused by incidents and use of technical measures.
The personal data shall be stored within a period of time that is appropriate for the processing purposes, unless otherwise provided for by law.
At the same time, the data subject is made aware of his/her personal data processing-related activities, unless otherwise provided for by law.
What acts are prohibited in the processing of personal data?
Pursuant to Decree No. 13/2023/ND-CP on protection of personal data. The Decree stipulates personal data protection and personal data protection responsibilities of relevant agencies, organizations and individuals.
In Article 8 of Decree No. 13/2023/ND-CP, there are provisions on prohibited acts in processing personal data as follows:
Prohibited acts
1. Processing personal data in contravention of regulations of law on protection of personal data.
2. Processing personal data in order to provide information and data against regulations of the Socialist Republic of Vietnam
3. Processing personal data in order to provide information and data that affect national security, social order and safety, and legitimate rights and interests of other organizations and individuals.
4. Obstructing protection of personal data by competent authorities.
5. Taking advantage of protection of personal data to commit violations of law.
Thus, for the processing of personal data, the law stipulates that there are 05 prohibited acts mentioned above.
Decree No. 13/2023/ND-CP takes effect from July 1, 2023.
LawNet