The draft Personal Data Protection Law has officially been released for public consultation

October 25, 2024


The draft Personal Data Protection Law has proposed regulations on the protection of personal data and the responsibilities of relevant agencies, organizations, and individuals in protecting personal data. Additionally, the draft Personal Data Protection Law is expected to apply to:

  • Vietnamese agencies, organizations, and individuals;
  • Foreign agencies, organizations, and individuals in Vietnam;
  • Vietnamese agencies, organizations, and individuals operating abroad;
  • Foreign agencies, organizations, and individuals directly participating in or related to personal data processing activities in Vietnam;
  • Agencies, organizations, and individuals collecting and processing personal data of foreigners within the territory of the Socialist Republic of Vietnam.

Below are some specific provisions proposed in the draft Personal Data Protection Law:

(1) Regulations on personal data protection in financial, banking, credit, and credit information activities

  • Financial, banking, and credit companies:
    • Shall not buy or sell credit information, or illegally transfer credit information between financial, banking, and credit institutions;
    • Shall not send or transmit plaintext data on the finances and credit of data subjects between financial, banking, and credit institutions;
    • Shall fully apply regulations on the protection of sensitive personal data and security standards for payments and credit as prescribed by law;
    • Shall not use the credit information of data subjects to score or assess their creditworthiness without the consent of the data subject;
    • The results of the credit information assessment of data subjects shall only be in the form of Pass or Fail, Yes or No, True or False, or a score based on data that financial, banking, and credit institutions collect directly from customers;
    • Shall clearly identify and declare the stages that require the application of personal data de-identification measures;
    • Must notify data subjects of incidents and losses of financial account information.
  • Organizations providing credit information, banking, insurance, finance, and payment intermediary services shall not illegally provide or transfer personal data to each other and to other organizations and businesses, except as permitted by law.
  • Credit information and credit information products of data subjects shall only be provided to organizations and individuals that are financial, banking, and credit institutions when there are legal provisions.
  • The competent authority for personal data protection is the focal point for requesting the provision of credit information to serve the investigation and handling of violations of the law as prescribed.

(2) Additional provisions on Personal Data Protection Experts

  • Personal data protection experts, including:
    • Personal data protection experts with sufficient technological and legal capacity;
    • Personal data protection experts with sufficient technological capacity;
    • Personal data protection experts with sufficient legal capacity.
  • Conditions for granting certificates to personal data protection experts with sufficient technological and legal capacity:
    • Have a college degree or above in security, information security, or cybersecurity;
    • Have a college degree or above in law;
    • Have completed a course to certify sufficient legal and technological capacity for personal data protection.
  • Conditions for granting certificates to personal data protection experts with sufficient legal capacity:
    • Have a college degree or above in law;
    • Have completed a course to certify sufficient legal capacity for personal data protection.
  • Conditions for granting certificates to personal data protection experts with sufficient technological capacity:
    • Have a college degree or above in security, information security, or cybersecurity;
    • Have completed a course to certify sufficient technological capacity for personal data protection.
  • Micro-enterprises, small enterprises, medium-sized enterprises, and startups are entitled to an exemption from the provision on personal data protection experts for the first 2 years from the date of establishment of the enterprise, but this exemption does not apply to micro-enterprises, small enterprises, medium-sized enterprises, and startups that directly engage in personal data processing activities.
