Enhancement of personal data protection and cyber information security in the education sector in Vietnam

Enhancement of personal data protection and cyber information security in the education sector in Vietnam

To thoroughly implement the regulations of Decree 13/2023/ND-CP in relevant activities within the sector, the Ministry of Education and Training of Vietnam (MOET) requests that Departments of Education and Training, universities, academies, colleges of education (hereinafter referred to as the units) intensify the review and implementation of the following contents:

- Intensify the organization, dissemination, and thorough implementation of the regulations of Decree 13/2023/ND-CP within the units, especially targeting personnel directly involved in the management, exploitation, and processing of personal data. Organize legal education, communication, and dissemination of knowledge and skills on personal data protection that are suitable for students.

- Review internal regulations and policies on the management, operation, exploitation, and use of information systems/databases within the unit's scope and its subordinate units to incorporate current legal regulations on personal data protection. This includes clearly stipulating the responsibilities for personal data protection of related agencies, organizations, and individuals, as well as handling responsibilities when violations of personal data protection regulations occur within their purview.

Review the units and departments that collect and process personal data; classify the personal data collected and being processed; evaluate the processes of data collection and processing to issue or propose appropriate management measures, and determine corresponding protection responsibilities for each type of personal data according to the provisions in Decree 13/2023/ND-CP.

- When violations of personal data protection regulations are detected (especially cases of illegal trading, transfer of personal data), strict actions must be taken and the violations must be reported to the specialized personal data protection agency (Cyber Security and Hi-Tech Crime Prevention Department - Ministry of Public Security of Vietnam) and MOET (via the Department of Information Technology) no later than 72 hours after the occurrence or detection of the violation as per Form No. 03 in the Appendix of Decree 13/2023/ND-CP.

More details can be found in Official Dispatch 4567/BGDDT-CNTT dated August 22, 2024.

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE