What is the Personal Data Protection Commission? What are the functions and duties of the Personal Data Protection Commission according to the latest Draft?

Hello Lawnet, I heard that the Government has a new Draft regulation on the Personal Data Protection Committee. I want to learn about this issue to comment on a new draft. Thanks for the information!

What is the Personal Data Protection Commission?
What are the functions and duties of the Personal Data Protection Committee?
What is the responsibility of the Personal Data Protection Commission in the protection of personal data?

What is the Personal Data Protection Commission?

According to Clause 1, Article 23 of the Draft Decree on personal data protection (Draft 2), the Personal Data Protection Committee is an organization under the Government, located at Department of Cyber Security and Hi-tech Crime Prevention, Ministry of Public Security. Members of the Personal Data Protection Committee include no more than 06 comrades with professional qualifications and experience in the law on personal data protection, working part-time.

What are the functions and duties of the Personal Data Protection Committee?

According to Article 24 of the Draft Decree on personal data protection (Draft 2), the functions and duties of the Personal Data Protection Committee are:

- Implementing awareness advanceding activities on personal data protection.

- Providing consulting, technical, management or other specialized services related to the protection of personal data.

- Advising the Government on matters related to the protection of personal data.

- Conducting research and promoting educational activities related to personal data protection, including organizing and conducting related seminars and symposiums and assisting other organizations in carrying out such activities. that activity.

- Managing technical cooperation and exchanging in the field of personal data protection with other organizations, including foreign data protection authorities, international or intergovernmental organizations, or on behalf of Government.

- Protecting the interests of owner data, preventing any misuse of personal data, ensuring compliance with legal regulations and promoting awareness of data protection.

- Evaluating and ranking the reliability of personal data protection of agencies and organizations and publishing them on the National Portal on Personal Data Protection.

- Classifying personal data and violations of regulations on personal data protection.

- Issuing guidelines for the protection of personal data.

- Monitoring and evaluating technological developments and commercial practices that may affect the protection of personal data.

- Promoting measures and conducting research for innovation in the field of personal data protection.

- Advising the Government and any other agencies on the measures to be taken to protect personal data and ensuring the consistency of the application and enforcement of data protection legislation individual.

- Having the right to process personal data in service of the State's activities, unless otherwise provided for by law.

- Having an opinion to assess for all personal data protection regulations before being published by the Personal Data Processor if it is related to the legal rights and interests of the owner data. Contents of assessment as below:

+ Content and method of notification to data subjects;

+ Measures to protect personal data;

+ Measures related to the processing and storage of personal data;

+ Relating to the processing of personal data without the consent of the data subject;

+ Handling sensitive personal data;

+ Processing of children's personal data;

+ Exercising any rights of data owners specified in this Decree;

+ Standards and means of protecting personal data;

+ Responsibility to protect personal data;

+ Cybersecurity protection measures for personal data;

+ Method of de-identification and anonymity;

+ Method of destruction and deletion of personal data;

+ Assess the impact in the collection, analysis, processing and storage of personal data;

+ Transfer of personal data out of Vietnam's territorial borders;

+ Process sensitive personal data for research, storage or statistics;

+ Other issues related to personal data as prescribed by law.

- Warning and coordinating to warn about risks and violations of personal data in accordance with the law.

- Receiving registration dossiers for handling sensitive personal data, registration dossiers for cross-border transfer of personal data.

- Requesting the Director of the Department of Cybersecurity and High-Tech Crime Prevention and Control, the Ministry of Public Security to perform the following activities:

+ Inspecting, examining, monitoingr and applying personal data protection regulations;

+ Handling violations of regulations on protection of personal data according to regulations;

+ There is a written agreement or disagreement with the application file for processing sensitive personal data, application file for the transfer of personal data across borders;

+ Inspecting and examining the observance of regulations on handling sensitive personal data and transferring personal data out of Vietnam's territorial borders;

+ Settling complaints about personal data protection according to the provisions of this Decree;

+ Requesting the agency or organization that processes personal data to change the way it collects, processes and stores personal data in accordance with the provisions of law;

+ Temporarily suspending, suspending or issuing a written request to stop processing personal data if the agency or organization violates regulations;

+ Temporarily suspending, suspending or cancelling the document granted to the Personal Data Processor in case of violating regulations on handling sensitive personal data, transfer of personal data out of the border of the territory of Vietnam.

What is the responsibility of the Personal Data Protection Commission in the protection of personal data?

According to Article 25 of the Draft Decree on personal data protection (Draft 2), the responsibilities of the Personal Data Protection Committee on the protection of personal data are:

- Performing the functions and tasks specified in this Decree.

- Developing and issuing a set of criteria for assessing the reliability of personal data protection of agencies and organizations that handle personal data.

- Building and operating the National Portal on personal data protection.

- Receiving and processing registration dossiers for handling sensitive personal data and registration dossiers for cross-border transfer of personal data.

- Collecting and publishing a list of agencies and organizations that process personal data.

- Organizing conferences, seminars, activities to protect personal data.

- Evaluating the performance of personal data protection activities annually.

- Monitoring personal data protection activities according to regulations.

Download the Draft Decree on personal data protection here.

LawNet

- This English translation is for reference purposes only and not a definitive translation of the original Vietnamese texts;
- Articles may be compiled from a variety of sources;
- Applicable Terms may have expired at the time you are reading;
- If you have any questions about the copyright of the article, please contact us via email [email protected];

15 view

Draft Decree on personal data protection in Vietnam

Legal Grounds

Clause 1, Article 23 of the Draft Decree on personal data protection (Draft 2)

The latest legal advice

{{i.Title}}

Address:	19 Nguyen Gia Thieu, Vo Thi Sau Ward, District 3, Ho Chi Minh City
Phone:	(028) 7302 2286 (6 lines)
E-mail:	[email protected]