Thao Thu Bui and Waewpen Piemwichai of Tilleke & Gibbins write:
At a conference organized by Vietnam’s Ministry of Public Security (MPS) on June 7, 2023, government officials provided more guidance on the recently issued Personal Data Protection Decree (PDPD), which is set to take effect on July 1, 2023.
Key takeaways included the following:
- A national portal on personal data protection for online submission of notifications and registrations will be launched before July 1, 2023. The MPS also plans to issue templates for data processing impact assessments (DPIAs) and transfer impact assessments (TIAs) in the near future.
- Since the sale and purchase of personal data is strictly prohibited unless explicitly permitted by law, the MPS has handled approximately 14 cases involving unlawful trading of personal data, including sensitive data. Under the PDPD, sensitive data has a broader definition than under the GDPR (the European Union’s General Data Protection Regulation), and also includes location data, creditworthiness, and personal financial data.
- Consent is not a legal basis for the trading of personal data, including sensitive data.
Read more at Tilleke & Gibbins.