At a glance
- The government’s Decree 13/2023/ND-CP (Decree 13) dated 17 April 2023 on personal data protection, came into effect on 1 July 2023.
- Decree 13 sets out personal data protection obligations and responsibilities for domestic and foreign organisations as well as individuals.
- Decree 13 also applies to employers who are involved in activities which involve processing their employees’ personal data.
We would like to express gratitude to VNA Legal for their contribution on this publication.
Decree 13 came into effect on 1 July 2023. It sets out personal data protection obligations and responsibilities for domestic and foreign organisations as well as individuals that are involved in activities which involve the processing of personal data in Vietnam (processing personal data is defined under Decree 13 to include one or more activities affecting personal data, such as collecting, recording, analysing, confirming, storing editing, publicising, combining, accessing, retrieving, revoking, encrypting, decoding, copying, sharing, transmitting, supplying, transferring, deleting, and destruction of personal data or other related actions).
Decree 13 also applies to employers who are involved in activities which require them to process their employees’ personal data. It imposes various obligations on employers to protect the personal data of their employees (including obligations on notification of processing personal data to the employees, obtaining the employees’ consent, notification of personal data breaches, and impact assessment reports to authorities for processing personal data and cross border transfer of personal data, etc).
More to explore
