RULES FOR PROTECTION OF PERSONAL DATA

Decree No. 13/2023/NĐ-CP dated April 17, 2023, which has recently come into effect in July, comprehensively regulates various issues related to personal data. Among these provisions, a crucial aspect is the content detailing the principles of personal data protection.

22/01/2024

RULES FOR PROTECTION OF PERSONAL DATA
  1. Legal basis
  • Decree No. 13/2023/NĐ-CP on protection of personal data
  1. Overview of personal data

Clause 1, Article 2 of Decree No. 13/2023/NĐ-CP likely defines personal data as follows: Personal data refers to electronic information in the form of symbols, letters, numbers, images, sounds, or equivalences associated with an individual or used to identify an individual. The personal data includes general personal data and sensitive personal data.

  1. Rules for protection of personal data

According to Article 3 of Decree No. 13/2023/NĐ-CP, there are 8 principles for protecting personal data include:

  • The personal data shall be processed as prescribed by law.
  • The data subject shall be entitled to receive information related to the processing of his/her personal data, unless otherwise provided for by law.
  • The personal data shall be processed for the purposes that have been registered and declared by the Personal Data Controller, the Personal Data Processor, the Personal Data Controller-cum-Processor and the Third Party.
  • The collected personal data shall be appropriate for the scope and purposes of processing. The purchase or sale of personal data shall be prohibited in any form, unless otherwise provided for by law.
  • The personal data shall be updated and added for the processing purposes.
  • The personal data shall be protected and secured throughout the processing. To be specific, the personal data shall be protected from violations against regulations on protection of personal data and prevention of loss, destruction or damage caused by incidents and use of technical measures.
  • The personal data shall be stored within a period of time that is appropriate for the processing purposes, unless otherwise provided for by law.
  • The Personal Data Controller and the Personal Data Controller-cum-Processor shall comply with the rules for data processing specified in Clauses 1 through 7 of this Article and prove their compliance.

----------

For more information, please contact:

Hoang Pham (James) / Managing Partner at: hoang.pham@vselawyers.com

© 2023 VSE LAWYERS LIMITED LIABILITY LAW COMPANY – All rights reserved.

Attention: This legal update is not an advice and should not be treated as such.


Subscribe To Legal Advice from VSE Lawyers

If you would like to have any legal questions, please contact us for our advice

0938 683 594