Vietnamese Law Mandates Strict Personal Data Safety Requirements

In a move to empower citizens and strengthen data privacy, Vietnam recently enacted a new law, Decree №13/2023/ND-CP on the Protection of Personal Data (PDPD), which took effect on July 1, 2023. This landmark legislation marks the first comprehensive data protection law in the country, significantly impacting how businesses and organizations handle Vietnamese citizens’ personal information.

The PDPD establishes a set of clear principles for data protection. These principles require organizations to be transparent about how they collect and use personal data. Citizens now have the right to be informed about what data is being collected, for what purpose, and with whom it might be shared. Additionally, the law mandates that organizations obtain clear and unambiguous consent before collecting any personal information. This ensures citizens have a say in how their data is used.

Furthermore, the PDPD outlines specific obligations for data controllers, the organizations that determine how data is used, and data processors, the entities entrusted with handling the data. Both parties are now legally responsible for ensuring the security and integrity of personal information. This includes implementing measures to prevent unauthorized access, accidental loss, or misuse of data.

The law also restricts how data can be transferred across Vietnamese borders. This ensures that the strong data protection standards established by the PDPD are maintained even when information is shared internationally. Additionally, the PDPD sets limitations on specific data processing activities, including the buying and selling of personal information, as well as how organizations can approach marketing and advertising practices that involve personal data.

The PDPD is not an isolated effort. It complements existing Vietnamese legislation that contributes to a robust data privacy framework. These include the Law on Cyber Information Security №86/2015/QH13 (LCIS), the Law on Cybersecurity №24/2018/QH14 (Cybersecurity Law), and Law №59/2010/QH12 of 17 November 2010 on Protection of Consumers’ Rights. Additionally, Decree №53/2022/ND-CP Detailing Some Articles of Network Security Law outlines data localization requirements within Vietnam. Vietnam’s commitment to data privacy extends beyond its borders, as the country is a party to international agreements like the APEC Privacy Framework and the ASEAN Framework on Personal Data Protection.

Businesses Must Prioritize Secure Data Destruction

With the emphasis on data security within the PDPD, businesses that handle personal information in Vietnam should prioritize implementing robust data destruction solutions. This ensures that data is completely removed from devices when it’s no longer required by law or for business purposes. Degaussers, which utilize powerful magnetic fields to erase data on traditional hard drives, are a reliable method for achieving complete data removal. Businesses can explore various degaussing options, such as the DataGauss Max from Verity Systems or the Crunch 250 for hard drive destruction. These advanced solutions offer a secure and compliant way to manage data lifecycles and ensure adherence to the PDPD’s data security requirements.

Photo credit: Iconica Media