Core data is defined as data that is critical to the functioning of the state, national security, or strategic economic infrastructure.
The decree establishes a framework for the protection and management of core data.
It sets out the responsibilities of domestic agencies, organisations, and individuals in relation to core data.
The decree also outlines the procedures for the handling and processing of core data.
Responsibilities of Domestic Agencies, Organisations, and Individuals
Domestic agencies, organisations, and individuals have distinct responsibilities when it comes to core data.
This requirement is aimed at ensuring the data is handled securely and in compliance with Vietnamese regulations.
*Mandatory risk assessment*: Businesses must conduct a thorough risk assessment to determine the potential risks associated with transferring personal data outside Vietnam.
*Data minimisation*: Businesses must only collect and process the minimum amount of personal data necessary to achieve their intended purpose.
*Data encryption*: Businesses must ensure that personal data is encrypted and protected from unauthorized access.
*Data storage*: Businesses must ensure that personal data is stored securely and in compliance with Vietnamese regulations.
Compliance with International Standards
The draft decree also emphasizes the importance of compliance with international standards for data protection. This includes:
*Adherence to international data protection frameworks*: Businesses must adhere to international data protection frameworks such as the General Data Protection Regulation (GDPR) and the European Union’s Data Protection Directive.
*Participation in international data protection certification schemes*: Businesses must participate in international data protection certification schemes such as the International Organization for Standardization (ISO) 27001 certification.
Implications for Businesses
The draft decree has significant implications for businesses operating in Vietnam.
The draft decree does not provide clear guidelines on how to handle situations where the subject is not present or cannot be located. The draft decree does not offer any guidance on how to handle situations where the access is denied or refused by the subject.
This will enable the draft to effectively manage and monitor government data, ensuring transparency and accountability.
The creation of a national data centre, which will serve as a centralised hub for government data collection, storage, and exchange.
The implementation of a data governance framework, which will ensure that data is collected, stored, and exchanged in a secure and transparent manner.
The development of a data analytics platform, which will enable the government to gain insights into government data and make informed decisions.
The establishment of a data sharing framework, which will enable the government to share data with other government agencies and external partners.
Benefits of the Draft
The draft is expected to bring several benefits to the government, including:
Improved transparency and accountability: By creating a centralised hub for government data, the draft will enable the government to track and monitor data in real-time, ensuring that data is accurate and up-to-date.
Enhanced decision-making: The data analytics platform will enable the government to gain insights into government data, making it easier to make informed decisions.
Increased efficiency: The data sharing framework will enable the government to share data with other government agencies and external partners, streamlining processes and reducing duplication of effort.
Challenges and Limitations
While the draft is expected to bring several benefits, it also poses several challenges and limitations.
Here are some key takeaways:
Key Takeaways
The draft decree sets a new standard for data governance in Vietnam, emphasizing the importance of transparency and accountability.
Companies must ensure they have a clear data governance framework in place, outlining roles and responsibilities, data storage and processing procedures, and data protection policies.
The decree introduces new requirements for data subject consent, data breach notification, and data protection impact assessments.
Companies must also ensure they have the necessary infrastructure and technical capabilities to support these new regulations.
Understanding the Impact on Companies
The draft decree has significant implications for companies operating in Vietnam. To navigate this evolving regulatory landscape, companies must take a proactive approach.
