What are the contents of state management of personal data protection in Vietnam? How many rules does the protection of personal data have?
What are the responsibilities of the People's Committees of provinces and cities in personal data protection in Vietnam?
Responsibilities of the People's Committees of provinces and cities in personal data protection in Vietnam are defined in Article 37 of Decree No. 13/2023/ND-CP as follows:
Responsibilities of the People's Committees of provinces and central-affiliated cities (herein referred to as "the People's Committees of provinces ")
1. Perform state management of personal data protection for sectors and fields under their management in accordance with the law on protection of personal data.
2. Impose regulations on protection of personal data in this Decree.
3. Allocate funding for protection of personal data according to current state budget hierarchy.
4. Issue list of open data in accordance with regulations on protection of personal data.
Thus, in protection of personal data, the People's Committees of provinces and cities have four main responsibilities, including:
- Perform state management of personal data protection for sectors and fields under their management in accordance with the law on protection of personal data.
- Impose regulations on protection of personal data in this Decree.
- Allocate funding for protection of personal data according to current state budget hierarchy.
- Issue list of open data in accordance with regulations on protection of personal data.
What are the contents of state management of personal data protection in Vietnam? How many rules does the protection of personal data have?
What are the contents of state management of personal data protection in Vietnam?
Pursuant to Article 5 of Decree No. 13/2023/ND-CP on state management of personal data protection as follows:
State management of personal data protection
The Government shall ensure uniform state management of personal data protection.
Contents of state management include:
1. Requesting competent authorities to promulgate or promulgate within its jurisdiction legal documents, and directing and organizing the implementation of legal documents on protection of personal data.
2. Formulating and organizing the implementation of strategies, policies, schemes, projects, programs and plans for protection of personal data.
3. Providing guidance on measures, procedures and standards of protection of personal data for agencies, organizations and individuals in accordance with law.
4. Disseminating and educating the law on protection of personal data; communicating and disseminating skills and knowledge about protection of personal data.
5. Developing and providing training and refresher training for officials, public employees and persons assigned to protect personal data.
6. Inspecting the observance of law on protection of personal data; handling complaints, denunciations and violations against regulations on protection of personal data as prescribed by law.
7. Compiling statistics, and giving information and reports on protection of personal data and the observance of law on personal data protection to competent authorities.
8. Encouraging international cooperation in protection of personal data.
Thus, the state management of personal data protection has 08 specific contents as follows:
- Requesting competent authorities to promulgate or promulgate within its jurisdiction legal documents, and directing and organizing the implementation of legal documents on protection of personal data.
- Formulating and organizing the implementation of strategies, policies, schemes, projects, programs and plans for protection of personal data.
- Providing guidance on measures, procedures and standards of protection of personal data for agencies, organizations and individuals in accordance with law.
- Disseminating and educating the law on protection of personal data; communicating and disseminating skills and knowledge about protection of personal data.
- Developing and providing training and refresher training for officials, public employees and persons assigned to protect personal data.
- Inspecting the observance of law on protection of personal data; handling complaints, denunciations and violations against regulations on protection of personal data as prescribed by law.
- Compiling statistics, and giving information and reports on protection of personal data and the observance of law on personal data protection to competent authorities.
- Encouraging international cooperation in protection of personal data.
How many rules does the protection of personal data have?
Pursuant to the provisions of Article 3 of Decree No. 13/2023/ND-CP as follows:
Rules for protection of personal data
1. The personal data shall be processed as prescribed by law.
2. The data subject shall be entitled to receive information related to the processing of his/her personal data, unless otherwise provided for by law.
3. The personal data shall be processed for the purposes that have been registered and declared by the Personal Data Controller, the Personal Data Processor, the Personal Data Controller-cum-Processor and the Third Party.
4. The collected personal data shall be appropriate for the scope and purposes of processing. The purchase or sale of personal data shall be prohibited in any form, unless otherwise provided for by law.
5. The personal data shall be updated and added for the processing purposes.
6. The personal data shall be protected and secured throughout the processing. To be specific, the personal data shall be protected from violations against regulations on protection of personal data and prevention of loss, destruction or damage caused by incidents and use of technical measures.
7. The personal data shall be stored within a period of time that is appropriate for the processing purposes, unless otherwise provided for by law.
8. The Personal Data Controller and the Personal Data Controller-cum-Processor shall comply with the rules for data processing specified in Clauses 1 through 7 of this Article and prove their compliance.
Thus, according to regulations, there are 07 rules of personal data protection mentioned above.
The personal data shall be processed for the purposes that have been registered and declared by the Personal Data Controller, the Personal Data Processor, the Personal Data Controller-cum-Processor and the Third Party.
Decree No. 13/2023/ND-CP take effect from July 1, 2023.
LawNet