What are the rules for protection of personal data in Vietnam? What does sensitive personal data include?
What are the rules for protection of personal data in Vietnam?
The protection of personal data is carried out according to the rules specified in Article 3 of Decree 13/2023/ND-CP as follows:
Rules for protection of personal data
1. The personal data shall be processed as prescribed by law.
2. The data subject shall be entitled to receive information related to the processing of his/her personal data, unless otherwise provided for by law.
3. The personal data shall be processed for the purposes that have been registered and declared by the Personal Data Controller, the Personal Data Processor, the Personal Data Controller-cum-Processor and the Third Party.
4. The collected personal data shall be appropriate for the scope and purposes of processing. The purchase or sale of personal data shall be prohibited in any form, unless otherwise provided for by law.
5. The personal data shall be updated and added for the processing purposes.
6. The personal data shall be protected and secured throughout the processing. To be specific, the personal data shall be protected from violations against regulations on protection of personal data and prevention of loss, destruction or damage caused by incidents and use of technical measures.
7. The personal data shall be stored within a period of time that is appropriate for the processing purposes, unless otherwise provided for by law.
8. The Personal Data Controller and the Personal Data Controller-cum-Processor shall comply with the rules for data processing specified in Clauses 1 through 7 of this Article and prove their compliance.
Accordingly, the protection of personal data is carried out according to the above principles.
Vietnam: What does sensitive personal data include?
Clause 4, Article 2 of Decree 13/2023/ND-CP stipulates that “Sensitive personal data” refers to personal data in association with individual privacy which, when being infringed, will directly affect an individual's legal rights and interests, including:
- Political and religious opinions;
- Health condition and personal information stated in health record, excluding information on blood group;
- Information about racial or ethnic origin;
- Information about genetic data related to an individual's inherited or acquired genetic characteristics;
- Information about an individual’s own biometric or biological characteristics;
- Information about an individual’s sex life or sexual orientation;
- Data on crimes and criminal activities collected and stored by law enforcement agencies;
- Information on customers of credit institutions, foreign bank branches, payment service providers and other licensed institutions, including: customer identification as prescribed by law, accounts, deposits, deposited assets, transactions, organizations and individuals that are guarantors at credit institutions, bank branches, and payment service providers;
- Personal location identified via location services;
- Other specific personal data as prescribed by law that requires special protection.
The above are the 10 types of sensitive personal data that credit institutions and banks need to clearly understand and are responsible for protecting.
Vietnam: When will personal data protection measures be adopted?
Article 26 of Decree 13/2023/ND-CP stipulates as follows:
Personal data protection measures
1. Measures for protecting personal data shall be adopted from the beginning of and throughout the processing of personal data.
2. Measures for protecting personal data include:
a) Management measure adopted by an organization or individual related to processing of personal data;
b) Technical measure adopted by an organization or individual related to processing of personal data;
c) Measure adopted by a competent authority according to regulations in this Decree and relevant law;
d) Investigation and procedure measures adopted by a competent authority;
dd) Other measures as prescribed by law.
Accordingly, measures for protecting personal data shall be adopted from the beginning of and throughout the processing of personal data.
The measures to protect personal data include:
- Management measure adopted by an organization or individual related to processing of personal data;
- Technical measure adopted by an organization or individual related to processing of personal data;
- Measure adopted by a competent authority according to regulations in this Decree and relevant law;
- Investigation and procedure measures adopted by a competent authority;
- Other measures as prescribed by law.
LawNet