Last review date: 5 January 2024

Yes.

Data controllers and processors are required to submit a Personal Data Impact Assessment ("DPIA") to the MPS (the A05 Department) whenever engaging in personal data processing operations regulated by the PDPD. If personal data of a Vietnamese citizen is transferred overseas, data exporters must submit an Overseas Data Transfer Impact Assessment ("OTIA") to the MPS A05. Decision No. 4660/QD-BCA announcing newly issued administrative procedures in personal data protection under the Ministry of Public Security's authority ("Decision 4660") stipulates new DPIA and OTIA templates, according to which consent forms and data processing agreements must accompany the assessment dossier. Approval of the DPIA and OTIA is however not a prerequisite for data processing or overseas transfer.