What are the prohibited acts on personal data protection in Vietnam according to Decree 13/2023/ND-CP?

What are the prohibited acts on personal data protection in Vietnam according to Decree 13/2023/ND-CP? Q.T - Lam Dong

What are the prohibited acts on personal data protection in Vietnam according to Decree 13/2023/ND-CP?
What are the contents of state management of personal data protection in Vietnam?
What are the 11 rights of data subjects on protection of personal data in Vietnam?

What are the prohibited acts on personal data protection in Vietnam according to Decree 13/2023/ND-CP?

Pursuant to Article 8 of Decree 13/2023/ND-CP stipulates as follows:

Prohibited acts

1. Processing personal data in contravention of regulations of law on protection of personal data.

2. Processing personal data in order to provide information and data against regulations of the Socialist Republic of Vietnam

3. Processing personal data in order to provide information and data that affect national security, social order and safety, and legitimate rights and interests of other organizations and individuals.

4. Obstructing protection of personal data by competent authorities.

5. Taking advantage of protection of personal data to commit violations of law.

Accordingly, 8 prohibited acts in personal data protection include:

- Processing personal data in contravention of regulations of law on protection of personal data.

- Processing personal data in order to provide information and data against regulations of the Socialist Republic of Vietnam

- Processing personal data in order to provide information and data that affect national security, social order and safety, and legitimate rights and interests of other organizations and individuals.

- Obstructing protection of personal data by competent authorities.

- Taking advantage of protection of personal data to commit violations of law.

What are the prohibited acts on personal data protection in Vietnam according to Decree 13/2023/ND-CP?

What are the contents of state management of personal data protection in Vietnam?

Pursuant to Article 5 of Decree 13/2023/ND-CP stipulates as follows:

State management of personal data protection

The Government shall ensure uniform state management of personal data protection.

Contents of state management include:

1. Requesting competent authorities to promulgate or promulgate within its jurisdiction legal documents, and directing and organizing the implementation of legal documents on protection of personal data.

2. Formulating and organizing the implementation of strategies, policies, schemes, projects, programs and plans for protection of personal data.

3. Providing guidance on measures, procedures and standards of protection of personal data for agencies, organizations and individuals in accordance with law.

4. Disseminating and educating the law on protection of personal data; communicating and disseminating skills and knowledge about protection of personal data.

5. Developing and providing training and refresher training for officials, public employees and persons assigned to protect personal data.

6. Inspecting the observance of law on protection of personal data; handling complaints, denunciations and violations against regulations on protection of personal data as prescribed by law.

7. Compiling statistics, and giving information and reports on protection of personal data and the observance of law on personal data protection to competent authorities.

8. Encouraging international cooperation in protection of personal data.

Thus, state management of personal data protection is carried out according to the above contents.

What are the 11 rights of data subjects on protection of personal data in Vietnam?

According to Article 9 of Decree 13/2023/ND-CP regulating the Data subject’s rights on protection of personal data as follows:

(1) Right to be informed

The data subject has the right to be informed of his/her personal data processing, unless otherwise provided for by law.

(2) Right to give consent

The data subject has the right to give consent to the processing of his/her personal data, other than cases specified in Article 17 of this Decree.

(3) Right to access personal data

The data subject has the right to access his/her personal data in order to look at, rectify or request rectification of his/her personal data, unless otherwise provided for by law.

(4) Right to withdraw consent

The data subject has the right to withdraw his/her consent, unless otherwise provided for by law.

(5) Right to delete personal data

The data subject has the right to delete or request deletion of his/her personal data, unless otherwise provided for by law.

(6) Right to obtain restriction on processing

- The data subject has the right to obtain restriction on the processing of his/her personal data, unless otherwise provided for by law.

- The restriction on the processing of personal data shall be implemented within 72 hours after receiving request of the data subject, and all personal data that the data subject requests the restriction, unless otherwise provided for by law.

(7) Right to obtain personal data

The data subject has the right to request the Personal Data Controller and the Personal Data Controller-cum-Processor to provide him/her with his/her personal data, unless otherwise provided for by law.

(8) Right to object to processing

- The data subject has the right to object to the Personal Data Controller and the Personal Data Controller-cum-Processor processing his/her personal data in order to prevent or restrict the disclosure of personal data or the use of personal data for advertising and marketing purposes, unless otherwise provided for by law.

- The Personal Data Controller and the Personal Data Controller-cum-Processor shall comply with the data subject’s request within 72 hours after receiving the request, unless otherwise provided for by law.

(9) Right to file complaints, denunciations and lawsuits

The data subject has the right to file complaints, denunciations and lawsuits as prescribed by law.

(10) Right to claim damage

The data subject has the right to claim damage as prescribed by law when there are violations against regulations on protection of his/her personal data, unless otherwise agreed by parties or unless otherwise prescribed by law.

(11) Right to self-protection

The data subject has the right to self-protection according to regulations in the Civil Code, other relevant laws and this Decree, or request competent agencies and organizations to implement civil right protection methods according to regulations in Article 11 of the Civil Code 2015.

If a person has his/her civil rights violated, he/she may protect them himself/herself as prescribed in this Code, other relevant laws or request competent authorities to:

- Recognize, respect, protect and guarantee of his/her civil rights;

- Order the termination of the act of violation;

- Order a public apology and/or rectification;

- Order the performance of civil obligations;

- Order compensation for damage;

- Cancellation of isolated unlawful decision of competent agencies, organizations or persons;

- Other requirements specified by law.

LawNet

- This English translation is for reference purposes only and not a definitive translation of the original Vietnamese texts;
- Articles may be compiled from a variety of sources;
- Applicable Terms may have expired at the time you are reading;
- If you have any questions about the copyright of the article, please contact us via email banquyen@lawnet.vn;

Personal data protection

Personal data protection in Vietnam

Legal Grounds

The latest legal advice

{{i.Title}}

Address:	19 Nguyen Gia Thieu, Vo Thi Sau Ward, District 3, Ho Chi Minh City
Phone:	(028) 7302 2286 (6 lines)
E-mail:	info@lawnet.vn