Login / Register
03:59 | 23/08/2024

What are the cases where personal data is not deleted at the request of the data subject? When is a data subject's consent valid in the processing of his/her personal data in Vietnam?

What are the cases where personal data is not deleted at the request of the data subject? When is a data subject's consent valid in the processing of his/her personal data in Vietnam? - asked Mrs. A.N (hue)

What are the cases where personal data is not deleted at the request of the data subject in Vietnam?

Based on Clause 2, Article 16 of Decree 13/2023/ND-CP it is stipulated as follows:

Storage, Deletion, and Destruction of Personal Data

...

2. The deletion of data will not apply upon the request of the data subject in the following cases:

a) The law stipulates that data cannot be deleted;

b) Personal data is processed by a competent state agency for the purpose of serving state agency operations in accordance with the law;

c) Personal data has been disclosed in accordance with the law;

d) Personal data is processed to serve legal requirements, scientific research, statistics as prescribed by law;

dd) In case of emergencies related to national defense, national security, social order and safety, large-scale disasters, dangerous epidemics; when there is a risk of threatening security, defense but not yet to the level of declaring a state of emergency; prevention and control of riots, terrorism, crime, and violations of the law;

e) Responding to emergency situations that threaten the life, health, or safety of the data subject or others.

The deletion of data will not apply upon the request of the data subject in the following cases:

(1) The law stipulates that data cannot be deleted;

(2) Personal data is processed by a competent state agency for the purpose of serving state agency operations in accordance with the law;

(3) Personal data has been disclosed in accordance with the law;

(4) Personal data is processed to serve legal requirements, scientific research, statistics as prescribed by law;

(5) In case of emergencies related to national defense, national security, social order and safety, large-scale disasters, dangerous epidemics; when there is a risk of threatening security, defense but not yet to the level of declaring a state of emergency; prevention and control of riots, terrorism, crime, and violations of the law;

(6) Responding to emergency situations that threaten the life, health, or safety of the data subject or others.

In which cases is personal data not deleted upon request? When is the consent of the data subject effective in processing personal data?

In which cases is personal data not deleted upon request? When is the consent of the data subject effective in processing personal data?

What are the prohibited acts in personal data protection in Vietnam?

According to Article 8 of Decree 13/2023/ND-CP the provisions are as follows:

Prohibited Acts

1. Processing personal data contrary to the provisions of the law on personal data protection.

2. Processing personal data to create information, data against the Socialist Republic of Vietnam.

3. Processing personal data to create information, data that affects national security, social order and safety, legal rights, and benefits of organizations and other individuals.

4. Obstructing personal data protection activities of competent authorities.

5. Misusing personal data protection activities to violate the law.

The prohibited acts in personal data protection include:

- Processing personal data contrary to the provisions of the law on personal data protection.

- Processing personal data to create information, data against the Socialist Republic of Vietnam.

- Processing personal data to create information, data that affects national security, social order and safety, legal rights, and benefits of organizations and other individuals.

- Obstructing personal data protection activities of competent authorities.

- Misusing personal data protection activities to violate the law.

When is a data subject's consent valid in the processing of his/her personal data in Vietnam?

Based on Clause 2, Article 11 of Decree 13/2023/ND-CP it is stipulated as follows:

Consent of the Data Subject

1. The consent of the data subject applies to all activities in the process of personal data processing, except where the law provides otherwise.

2. The consent of the data subject is effective only when the data subject voluntarily and clearly understands the following contents:

a) Type of personal data to be processed;

b) Purpose of personal data processing;

c) Organizations or individuals allowed to process personal data;

d) Rights and obligations of the data subject.

3. The consent of the data subject must be clearly and specifically expressed by document, voice, marking the consent box, consent syntax via message, selecting technical settings to consent, or through another action that shows this clearly.

4. Consent must be given for the same purpose. When there are multiple purposes, the Data Controller, Data Controller and Processor must list the purposes for the data subject to consent to one or more of the given purposes.

5. The consent of the data subject must be in a format that can be printed, copied in writing, including electronic or verifiable formats.

6. The silence or non-response of the data subject is not considered as consent.

7. The data subject may consent partially or with conditions.

8. For the processing of sensitive personal data, the data subject must be informed that the data to be processed is sensitive personal data.

9. The consent of the data subject is effective until the data subject makes another decision or when required in writing by a competent state agency.

10. In case of a dispute, the burden of proof of the data subject's consent lies with the Data Controller, Data Controller and Processor.

11. Through authorization as stipulated by the Civil Code, organizations or individuals may act on behalf of the data subject to carry out procedures related to the processing of the data subject's personal data with the Data Controller, Data Controller and Processor where the data subject has been clearly informed and has consented in accordance with Clause 3 of this Article, except where the law provides otherwise.

Accordingly, the consent of the data subject in the processing of personal data is only effective when the data subject voluntarily and clearly understands the following contents:

- Firstly, the type of personal data to be processed.

- Secondly, the purpose of personal data processing.

- Thirdly, the organizations or individuals allowed to process personal data.

- Fourthly, the rights and obligations of the data subject.

LawNet

  • - This English translation is for reference purposes only and not a definitive translation of the original Vietnamese texts;
  • - Articles may be compiled from a variety of sources;
  • - Applicable Terms may have expired at the time you are reading;
  • - If you have any questions about the copyright of the article, please contact us via email banquyen@lawnet.vn;
Legal Grounds
The latest legal advice
Recently viewed news

What are the cases where personal data is not deleted at the request of the data subject? When is a data subject's consent valid in the processing of his/her personal data in Vietnam?
MOST READ
{{i.ImageTitle_Alt}}
{{i.Title}}