Global Data and Cyber Handbook

Vietnam

Select a Topic
Start Comparison
DPOs and Notification Requirements
Jump to
DPOs and Notification Requirements Start Comparison
Is the concept of data protection officer (DPO) recognized in the jurisdiction?

Last review date: 2 January 2025

Yes.

Are there circumstances in which it is mandatory to appoint a DPO or similar position?

Last review date: 2 January 2025

Yes.

If yes, under what circumstances?

☒  other

The PDPD requires the designation of a data protection officer and department when sensitive personal data is under processing.

Where a DPO is appointed, does the DPO have to meet specific requirements?

Last review date: 2 January 2025

N/A

The PDPD is silent on the specific requirements that a DPO must meet.

Are there obligations to notify, submit filings to, register with or obtain approval from local data protection authorities to collect and/or process personal data generally?

Last review date: 2 January 2025

Yes.

Data controllers and processors are required to submit a Personal Data Impact Assessment ("DPIA") to the MPS (the A05 Department) when engaging in personal data processing operations regulated by the PDPD. If personal data of a Vietnamese citizen is transferred overseas, data exporters must submit an Overseas Data Transfer Impact Assessment ("OTIA") to the MPS A05. Decision No. 4660/QD-BCA announcing newly issued administrative procedures in personal data protection under the Ministry of Public Security's authority ("Decision 4660") stipulates new DPIA and OTIA templates, according to which consent forms and data processing agreements must accompany the assessment dossier. Approval of the DPIA and OTIA is, however, not a prerequisite for data processing or overseas transfer.

{{ $store.state.loadingScreen.message }} ...