You are currently viewing EXPLAINER : Will Vietnam Draft Personal Data Protection Law Help or Hurt the Fast  Growing Economy
Representation image: This image is an artistic interpretation related to the article theme.

EXPLAINER : Will Vietnam Draft Personal Data Protection Law Help or Hurt the Fast Growing Economy

Overview of the New Law

The new law aims to protect the personal data of Vietnamese citizens and foreigners living in Vietnam. The law will apply to all entities, including businesses, organizations, and government agencies. The law’s primary goal is to ensure that personal data is handled in a secure and transparent manner.

Key Provisions

  • The law requires entities to obtain explicit consent from individuals before collecting, processing, and transferring their personal data. Entities must implement technical and organizational measures to ensure the security and integrity of personal data. The law establishes a Data Protection Authority to oversee the implementation of the law and handle complaints. The law provides for penalties for non-compliance, including fines and imprisonment. ## Impact on Businesses
  • Impact on Businesses

    The new law is expected to have a significant impact on businesses operating in Vietnam. The law’s stringent provisions will require businesses to implement robust data protection measures to ensure the security and integrity of personal data. Businesses must ensure that they have a clear data protection policy in place, including procedures for obtaining consent and handling data breaches. Businesses must also ensure that they have implemented technical and organizational measures to protect personal data, such as encryption and access controls.

    These assessments are designed to evaluate the potential impact of data transfers on the environment, human health, and the economy.

    The Draft Law: A Comprehensive Approach to Cross-Border Data Transfers

    The draft law aims to establish a comprehensive framework for cross-border data transfers, building upon the existing requirements set out in the current PDP Decree.

    The Impact of Cross-Border Data Transfers on the Economy

    The increasing demand for digital services has led to a significant rise in cross-border data transfers. This trend is expected to continue, with the global data transfer market projected to reach $1.3 trillion by 2025. However, the new legal requirements on cross-border data transfers pose a challenge to the economy. The new regulations require companies to obtain explicit consent from individuals before transferring their personal data across borders. The regulations also impose strict data protection standards, including the use of secure encryption and regular audits. Furthermore, the regulations require companies to provide individuals with clear information about the data being transferred and the purposes for which it will be used.

    The Concerns of Lawyers

    Lawyers from Vision & Associates (V&A) in Vietnam believe that these new legal requirements could have a significant impact on the economy. They argue that the regulations could lead to increased costs for companies, which could ultimately be passed on to consumers. The lawyers point out that the regulations require companies to invest in new infrastructure and technology to ensure compliance.

    Introduction

    The Digital Payments Infrastructure Act (DPIA) and the Telecommunications Infrastructure Act (TIA) are two significant pieces of legislation that have been introduced in the UK to regulate the digital payments and telecommunications sectors. These acts aim to ensure that the UK’s digital payments and telecommunications infrastructure are secure, reliable, and compliant with international standards.

    Background

    The DPIA and TIA are part of a broader effort to strengthen the UK’s digital economy and improve the security of its digital payments and telecommunications systems.

    The Draft PDPL: A New Era in Data Protection

    The draft Personal Data Protection Law (PDPL) is a significant development in the regulation of personal data in the European Union. The proposed law aims to strengthen the current data protection framework and provide a more comprehensive approach to protecting individuals’ personal data. In this article, we will delve into the key aspects of the draft PDPL, focusing on the establishment of a “personal data protection organisation” and the role of the Data Protection Officer (DPO).

    The Concept of a Personal Data Protection Organisation

    The draft PDPL requires almost all data controllers and processors to establish a “personal data protection organisation”. This organisation is a critical component of the proposed law, as it ensures that data controllers and processors have a dedicated team responsible for ensuring the protection of personal data. The organisation must include at least one Data Protection Officer (DPO) with specific qualifications.

    The Impact of the Draft Data Protection Law on SMEs and Startups

    The draft data protection law, which is currently under review, has significant implications for small and medium-sized enterprises (SMEs) and startups. These businesses often rely on data to operate efficiently and make informed decisions, but the draft law’s requirements may pose a challenge to their ability to collect, process, and use data.

    The Key Provisions of the Draft Law

  • The draft law requires companies to implement data protection measures, such as data minimisation, data protection by design, and data subject rights. Companies must also appoint a data protection officer (DPO) to oversee data protection compliance. The draft law also introduces new data protection rules for online services, including requirements for transparency, accountability, and data subject consent. ### The Impact on SMEs and Startups*
  • The Impact on SMEs and Startups

  • SMEs and startups may be exempt from the requirement to appoint a DPO for the first two years after establishment. However, the draft law’s requirements for data minimisation and data protection by design may still pose a challenge to these businesses.

    The Impact of the Data Protection Act 2018 on Businesses

    The Data Protection Act 2018 (DPA 2018) has significant implications for businesses in the UK. The Act sets out a framework for the protection of personal data, and its implementation has been influenced by European Union regulations, such as the General Data Protection Regulation (GDPR).

    Understanding the Requirements

    The DPA 2018 requires businesses to implement measures to ensure the security and integrity of personal data. This includes:

  • Conducting a data protection impact assessment (DPIA) to identify and mitigate risks
  • Implementing data protection by design and default
  • Providing transparency and accountability in data processing
  • Ensuring the confidentiality, integrity, and availability of personal data
  • Compliance and Implementation

    Businesses must act quickly to comply with the applicable requirements. Failure to do so can result in significant fines and reputational damage. Lawmakers were influenced by similar laws of other jurisdictions, including Europe’s GDPR.

    Leave a Reply