Skip to content Skip to footer

Loading Results

Data protection and privacy services

Is your data adequately protected? Can you demonstrate your compliance?

Vietnam’s first ever draft Personal Data Protection Decree, once approved, will be the biggest ever shake-up in personal data protection space in the country. 

The Ministry of Public Security released on its website Vietnam’s Draft Decree on Personal Data Protection ("Draft Decree") for the public to submit their opinions by April 2021. If passed, it would establish the first comprehensive framework on data protection and privacy law in Vietnam.  

With the effective date as set out in the Draft Decree of 1 December 2021, being prepared is key. The regulations will be binding and applicable directly to all entities storing and processing personal data. 

The breach of the Personal Data Protection Decree can result in financial penalties up to 5 % of the total revenues of the company in Vietnam.

Reshaping the approach to personal data protection

In principle, this Draft Decree is in line with international standards, such as the EU’s General Data Protection Regulation (GDPR). The new requirements will change how companies: 

  • perform risk assessment in relation to personal data processing, 
  • adjust their current documentation and procedures to new regulation, and 
  • account for a wide spectrum of data subjects’ rights (people to whom the processed data apply).
PDPD journey

It adopts the broad definition of personal data, data subject’s rights, the concept of Data Protection Officer, extraterritorial applicability, and significant penalties for non-compliance. Click our Legal Newsbrief for highlights.

Who will be impacted by PDPD? Every company that processes personal data in Vietnam and abroad if a foreign entity processes personal data of Vietnamese residents. This can include sensitive personal data, transferring personal data abroad, having customers loyalty programs etc.

How we can help

When Vietnam’s Personal Data Protection Decree (PDPD) comes into effect, companies will not only need to implement the requirements but also care for the ongoing compliance with the regulation. 

PDPD framework support

  • PDPD implementation in the organisation
    • Inventory of personal data processing processes 
    • Gap analysis
    • Risk analysis and Data Protection Impact Assessment 
    • Preparation of documents, procedures, analyses 
    • IT/SEC adaptation, i.a. by development of documentation for data processing and organisational and technical measures for personal data protection  
  • Post implementation audit 
    • PDPD implementation methodology 
    • Check completeness of records of processing activities and records of all categories of processing activities
    • Review business processes for data processing security
  • Transborder transfers 
    • Identification of areas where personal data are processed outside Vietnam
    • Development of rules and requirements for secure data transfer outside Vietnam  
    • Drafting contractual clauses and other important documents to ensure the full transfer compliance with the PDPD

Maintaining compliance with PDPD

  • Permanent system of internal controls in the PDPD context
  • Risk radar for the Management Board
  • Periodic post-implementation audits 
  • Support for the Data Protection Officer 
  • Support during exercising the data subjects rights
  • Vendor’s verification and third party risk management
  • Impact analysis of new activities, processes
  • Update of documents, procedures
  • Privacy by design for new business solutions
  • Data Lifecycle Management 
  • Reconfiguration/ improvement of the existing IT security solutions
  • Analysis of validity related to implementation of new IT security solutions
  • Awareness raising – trainings
  • Support during relevant Authority controls / inspections

Security incidents

  • Pro-active incident management 
  • Analysis of vulnerability to incidents and examining the effectiveness of security 
  • Legal and information security support, investigation services in breach response
  • Support in communication with the relevant local authorities and data subjects

PDPD training

Please contact directly if your company is keen to:

  • Build and increase awareness about the regulation requirements, 
  • Give your employees practical skills necessary for work and secure personal data handling

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Get in touch

Eva Szurminska Jaworska

Partner, PwC Legal Vietnam

Tel: +84 28 3823 0796, Ext.1510

Pho Duc Giang

Director, Data Trust and Cybersecurity Services, PwC Vietnam Cybersecurity Services Company

Tel: +84 28 3823 0796, ext. 1012

Do Danh Thanh

Director, IT and Cloud Transformation Services, PricewaterhouseCoopers Consulting Vietnam

Tel: +84 24 3946 2246, Ext. 3309

Sean Timings

Director, Forensics Services, PricewaterhouseCoopers Consulting Vietnam

Tel: +84 24 3946 2246