Papers & Books

Consent for personal data processing under GDPR One of the basic principles of personal data processing under the EU’s General Data Protection Regulations (“GDPR”) is the lawfulness principle. This means that the processing of personal data must have a lawful basis. The most common basis that is generally relied upon for personal data processing is […]

EU Artificial Intelligence Act In April 2021, the European Commission proposed the first EU regulatory framework for artificial intelligence (AI). The proposed AI act is the first-ever attempt to enact a horizontal regulation for AI. Now the EU lawmakers are starting negotiations to finalize the new regulations, with substantial amendments to the Commission’s proposal including […]

Record of processing activities under GDPR A data controller (or processor) under the EU’s General Data Protection Regulation (“GDPR”) has many obligations it must adhere to in order to best protect the personal data being processed. One such obligation is creating and maintaining a Record of Processing Activities (“RoPA”). This is a basic yet effective […]

Do foreign enterprises have to store their data in Vietnam? In this day and age, data in general is increasingly becoming more and more valuable. Most service-based companies live off data collected from their clients, prime examples of this type of companies include social media networks such as Facebook or search engines such as Google […]

Data privacy in Vietnam’s medical examination and treatment Confidentiality of information in medical examination and treatment activities is an paramount issue. Leakages of patients’ information will negatively affect the patient’s psyche and could lead to many unwanted consequences. Such events also degrades the reputation of medical examination and treatment facilities in the eyes of patients. […]

Data protection impact assessment – statutory obligation for enterprises The introduction of Decree No. 13/2023/ND-CP on Protection of Personal data (“the Decree”) has substantially altered the responsibilities of enterprises and organizations related to personal data protection, including the obligation to assess the impact of personal data processing. Here are some important contents on the data protection impact […]

Cross-border data transfer – for a seamless flow of data Decree 13/2023/ND-CP on the Protection of Personal Data (“Decree”) has finally been issued with many completely new regulations designed to protect personal data and control the “flow” of personal data, as well as set obligations that every business must comply with. In particular, an issue […]

Personal data breaches in Vietnam Personal data[1] is of great value in today’s digital economy due to its advantages for businesses, such as market and customer analysis, advertising, product marketing, etc. Therefore, violations related to personal data such as attacks on personal data systems, and theft or trading of personal data have been increasing. Meanwhile, most […]

Sensitive personal data in Vietnam Personal data requires particular protection in this digital age. In particular, sensitive personal data is even more vulnerable, easy-attacked and easy-abused; creating negative effects on data subjects and the whole society. Therefore, it is necessary to build a legal system to protect personal data in general and sensitive data in […]

Designating data protection officer – new obligation on enterprises Obligations related to data protection that enterprises and organizations must comply with would completely change since the effective date of Decree No. 13/2023/ND-CP on Personal Data Protection (“Decree”). One obligation is to designate a department functioned with personal data protection, to appoint personnel in charge of […]