Xem bản Tiếng Việt
Vietnam's Ministry of Public Security is currently drafting the Law on Personal Data Protection and is in the process of gathering public feedback on the proposed draft.
This Draft Law is expected to be a more comprehensive and advanced framework than the existing Personal Data Protection Decree, introducing significant changes. Key updates include an expanded territorial scope, mandatory evaluations of data protection credibility, stricter conditions for obtaining consent, additional requirements for processing impact assessments, clearer regulations on cross-border data transfers, mandatory updates to regulatory filings, and contracts with data subjects. The Draft Law also proposes special requirements for processing sensitive data such as credit information, location data, biometric data, and employee data used for monitoring.
One of the most notable aspects of the Draft Law is its focus on regulating sector-specific data processing activities in areas like behavioral or targeted advertising, big data, artificial intelligence, cloud computing, banking and finance, social media and OTT platforms, marketing, and healthcare.
The Law is expected to be enacted in May 2025 and come into effect by January 2026. However, we strongly recommend that all enterprises involved in personal data processing in Vietnam begin preparations now, as the compliance requirements are expected to be extensive. We would be happy to discuss how you can start updating your policies, documents, procedures, and processes to align with the upcoming regulations.
Notable updates
Special data processing cases
New sectoral requirements
