• ,
  • Vietnam issues first legal document on Personal Data, Privacy Rights Protection

Vietnam issues first legal document on Personal Data, Privacy Rights Protection

Vietnam issues first legal document on Personal Data, Decree No. 13/2023/ND-CP, Decree No. 13/2023/ND-CP on Personal Data Protection, PDP Decree of Vietnam,
13 Jun

Vietnam issues first legal document on Personal Data, Privacy Rights Protection

By News, Vietnam 0 Comments

Vietnam will soon have the first legal document on personal data and privacy rights protection of relevant agencies, organizations and individuals with the issuance of Decree No. 13/2023/ND-CP on Personal Data Protection (PDP Decree) on April 17, 2023, effective from July 1, 2023.

According to the PDP Decree, data processing activities include collecting, recording, analyzing, validating, storing, editing, disclosing, combining, accessing, retrieving, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, deleting, destroying and related actions will have specific provisions, the most important of which is the restriction on the parties’ handling, collection of data can be made, with and without the permission of the data subject.

The PDP Decree stipulates the rights of data subjects; conditions and forms of consent including consent in writing and via SMS, among others; various types of personally sensitive data including the health status of the data subject and related political views; basic personal data protection measures; new requirements for cross-border data transmission; respective responsibilities of the Department of Cybersecurity and High-Tech Crime Prevention and Control and relevant authorities, etc.

Notable main points in Decree No. 13

Classification of basic data and sensitive data

Personal data is divided into two categories, basic data and sensitive data.

Clause 3, Article 2 of Decree No. 13 stipulates basic personal data including: full name; Date of birth; date of death; sex; place of birth, place of permanent residence, place of temporary residence, place of current residence; nationality; personal image; phone number; identity card number or personal identification number, passport number; driver’s license, license plate; Personal tax code; social insurance and health insurance codes; marital status; information about family relationships.

Clause 4, Article 2 of Decree No. 13 stipulates that sensitive personal data is personal data related to an individual’s privacy, which, if violated, will directly affect that individual’s rights and interests, including: Political views, religion; health status, private life recorded in the medical record; origin or ethnicity; genetic traits; special characteristics; sexual life and orientation; evidence of criminal conduct collected or stored by law enforcement; bank customer information such as identity, accounts, deposits, deposited assets, transactions; Personal location is determined through location services.

For the first time, Vietnam has a legal document specifically regulating basic data and personal data in Vietnam, which is of great importance in protecting privacy, personal data and ensuring information security of Vietnamese people.

In addition, this is also an important international demonstration that Vietnam is willing to comply with international standards and regulations, such as the General Data Protection Regulation (GDPR) and similar regulations. Clearly distinguishing the types of personal data will create a basis to protect and sanction personal data violations as well as the responsibility of protection and non-disclosure of personal data processing agencies, especially when dealing with sensitive types of personal data.

Data subject rights

Article 9 of Decree 13 details the rights of data subjects, including the following 11 rights:

1. Right to know: Data subjects know about their personal data processing activities, unless otherwise provided for by law.

2. Right of Consent: The data subject may or may not agree to allow the processing of their personal data, except in some urgent cases like when it is necessary to immediately process the relevant personal data for protection of life and health of the data subject or other people or when there is a threat to national security.

3. Right of access: The data subject is entitled to access to view, correct or request correction of his/her personal data, unless otherwise provided for by law.

4. Right to withdraw consent: Data subject has the right to withdraw his/her consent, unless otherwise provided by law.

5. Right to data erasure: The data subject may have his or her personal data deleted as requested, unless otherwise provided for by law.

6. Right to restrict data processing:

a) Data subjects may require to limit the processing of their personal data, unless otherwise provided by law;

b) Restriction of data processing is carried out within 72 hours after the request of the data subject, with all personal data that the data subject requests to limit, unless otherwise provided for by other law.

7. Right to provide data: Data subject is required by Personal Data Controller, Personal Data Controller and Processor to provide his/her own personal data, unless otherwise required by other laws.

8. Right to object to data processing:

a) The data subject may object the Controller of personal data, the Controller and Processor of personal data to process its personal data to prevent or limit the disclosure of personal data or its use for advertising or marketing purposes, unless otherwise provided by law;

b) The Controller of personal data, the Controller and the processor of personal data shall fulfill the request of the data subject within 72 hours after receiving the request, unless otherwise provided for by law.

9. Right to complain, denounce and initiate lawsuits: Data subjects have the right to complain, denounce or initiate lawsuits in accordance with the law.

10. Right to claim for damages: Data subjects have the right to claim damages in accordance with the law when a breach of regulations on the protection of their personal data occurs, unless the parties agreed or otherwise provided by law.

11. Right to self-protection: Data subjects have the right to protect themselves according to the provisions of the Civil Code, other relevant laws and this Decree, or request competent agencies or organizations to implement measures regarding to civil rights protection in accordance with Article 11 of the Civil Code.

Requires consent of data subject

Decree No. 13 on the protection of personal data has new requirements related to the consent of the data subject, which is a mandatory condition in many activities related to the collection and processing of personal data.

According to the provisions of Article 11 of Decree No. 13, before performing and during the processing of personal data, the personal data controller and the personal data processor need the consent of the data subject in all activities, unless otherwise provided by law.

The consent of the data subject must be expressed clearly, specifically in writing, by voice, by ticking the consent box, by the syntax of consent by text message, by selecting settings consent or otherwise express this and may be printed, reproduced in writing, including in verifiable electronic or written format.

In it, it is noted that the silence or non-response of the data subject is not considered as consent.

Consent must be made for the same purpose. When there are multiple purposes, the Personal Data Controller, Personal Data Controller and Processor lists the purposes for the data subject to agree to one or more of the stated purposes.

The consent of the data subject is valid until the data subject decides otherwise or when requested in writing by the competent authority.

In the event of a dispute, the responsibility for proving the consent of the data subject lies with the Controller of personal data, the Controller and the processor of personal data.

Procedures for handling violations of regulations on personal data protection

In case of detecting a violation of personal data protection regulations, the Personal Data Controller, the Personal Data Controller and Processor shall notify the Ministry of Public Security (Department of Cybersecurity and of Public Security to combat crimes using high technology) within 72 hours after the violation occurs.

In case of notification after 72 hours, the reason for the late notice must be attached. In particular, the notification needs to be done on the principle as quickly as possible, with the spirit of trying to remedy the damage, absolutely prohibiting the situation be discovered but wait until the 72-hour time limit is almost over to notify.

Contents of notice of violation of regulations on personal data protection:

a) Describe the nature of the breach of personal data protection regulations, including: time, place, behavior, organization, individual, types of personal data and the amount of related data;

b) Contact details of the employee assigned the task of data protection or the organization or individual responsible for the protection of personal data;

c) Describe possible consequences and damages of violating regulations on protection of personal data;

d) Describe the measures taken to deal with and minimize the harms of violations of personal data protection regulations.

In case it is not possible to fully notify the contents, the notification may be made in batches and stages with reasonable reasons.

The Controller of personal data, the Party that controls and processes personal data must make a written confirmation of the occurrence of a violation of the regulations on protection of personal data, and coordinate with the Ministry of Public Security in handling the violation.

Towards the future

The PDP Decree on Personal Data Protection in Vietnam will set a new standard for all domestic and foreign organizations regarding how personal data is handled in Vietnam.

It is expected that the Vietnamese Government will soon approve a draft decree on administrative sanctions in the field of cybersecurity, thereby facilitating the implementation of more detailed regulations on cybersecurity and data protection.

Higher than Decree No. 13, the Personal Data Protection Law will also begin the drafting phase in 2024. In the meantime, data privacy is also mentioned in a number of bills, such as: bills on electronic transactions, telecommunications and consumer protection.

Thereby, it can be said that Vietnam is paying more and more attention to the protection of personal data, the privacy of the Vietnamese people, and promoting human rights – the most basic and fundamental factor for the development of a civilized and modern society.

*** Other Articles***

– You could visit here to see the Trademark Registration in Vietnam.

– You can also check the Vietnam Trademark Law: Detailed Guide And Legal Notes.

– You could check Questions of filing trademark in Vietnam: POA, Trademark requirement and trademark fee in Vietnam.

Contact AAA IPRIGHT: Email: [email protected]

Or sending your inquiry by filling the form:






    captcha

     

     

    Share this post

    Related Posts

    direct link between IP and better business performance, IP and better business performance, IP and business performance,

    Studies by IPOS show that there is a direct link between IP and better business performance
    17 July, 2023 | | News, Singapore | 0 Comments

    Two studies conducted by the Intellectual Property Office of Singapore (IPOS) were released on May 17, 2023, during the... Read More

    How about your time at International Trademark Association (INTA) 2019?
    26 May, 2019 | | News | 0 Comments

    Have you returned to your country after annual meeting of International Trademark Association (INTA) 2019? How about your time... Read More

    New Data Protection Act in Sri Lanka, Data Protection Act in Sri Lanka, Data Protection Act, Protection Act in Sri Lanka, Sri Lanka,

    New Data Protection Act in Sri Lanka
    26 April, 2022 | | News, Sri Lanka | 0 Comments

    There has been a lot going on in Sri Lanka at the moment. Recently, the Government of Sri Lanka... Read More

    Myanmar: The new trademark law

    Myanmar: The new trademark law
    26 April, 2021 | | Myanmar, News | 0 Comments

    Myanmar has become a member of WIPO since 2001. Before the new trademark law was enacted, there was no... Read More

    India moves up 2 spots to 46th rank in Global Innovation Index 2021, India excel at innovation, Global Innovation Index 2021, India has moved up two positions to 46th rank

    India moves up 2 spots to 46th rank in Global Innovation Index 2021
    29 October, 2021 | | India, News | 0 Comments

    India has moved up two positions to 46th rank on the Global Innovation Index. India has been improving its... Read More

    Trademark in USA, USA Trademark

    What is use in commerce of filing trademark in USA
    14 September, 2018 | | News, US | 0 Comments

    Trademark in USA, USA Trademark Questions of Trademark in USA. Dear Sirs, Our client would like to register a trademark in USA... Read More

    AAA IPRIGHT Joined INTA In Barcelona, Spain in 2017
    15 February, 2018 | | News | 0 Comments

    Read More

    China's SPC published the Top 10 Intellectual Property Cases and Top 50 Typical Intellectual Property Cases in 2021

    China’s SPC published the Top 10 Intellectual Property Cases and Top 50 Typical Intellectual Property Cases in 2021
    25 May, 2022 | | China, News | 0 Comments

    The SPC published the top 10 IP cases in Chinese courts 2021 on April 21, 2022, as well as... Read More

    IPOS Encourages Public Participation: Submit Your Suggestions for Classification Database

    IPOS Encourages Public Participation: Submit Your Suggestions for Classification Database
    4 January, 2024 | | News | 0 Comments

    In an effort to enhance the effectiveness of its Classification Database, the Intellectual Property Office of Singapore (IPOS) has... Read More

    What you should know about IP and NFTs

    What you should know about IP and NFTs
    2 September, 2022 | | News | 0 Comments

    The IP asset at stake is fundamental to the success of IP transactions. But what if your business realizes... Read More

    WhatsApp chat

    By continuing to use the site, you agree to the use of cookies. more infomation

    The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

    Close