NEW REGULATIONS ON PERSONAL DATA PROTECTION, WHAT DO ENTERPRISES NEED TO DO?

NEW REGULATIONS ON PERSONAL DATA PROTECTION, WHAT DO ENTERPRISES NEED TO DO?

Personal data processing is the process of collecting, recording, analyzing, confirming, storing, editing, publishing, copying, sharing, transmitting, providing, transferring, etc. information related to individual. This activity includes any action related to personal data, related to information such as name, address, phone number, or sensitive data such as privacy status, or health data. … During the implementation process, the  personal data protection must comply with relevant legal regulations and rules, to ensure that personal private data is processed legally, transparently, and safe.

1.         Who are responsible for personal data protection?

Objects requiring compliance with regulations on personal data protection include Vietnamese and foreign agencies, organizations and individuals directly participating or related to personal data processing activities in Vietnam. Specifically:

–           Personal Data Controller refers to an organization or individual that decides purposes and means of processing personal data.

–           Personal Data Processor refers to an organization or individual that processes data on behalf of the Personal Data Controller via a contract or agreement with the Personal Data Controller.

–           Personal Data Controller-cum-Processor refers to an organization or individual that jointly decides purposes and means, and directly processes personal data.

–           Third Party refers to an organization or individual other than the data subject, Personal Data Controller, Personal Data Processor, and Personal Data Controller-cum-Processor that is permitted to process personal data.

2.         How is personal data determined?

Personal data refers to electronic information in the form of symbols, letters, numbers, images, sounds, or equivalences associated with an individual or used to identify an individual. The personal data includes general personal data and sensitive personal data.

–           General personal data includes:

+          Last name, middle name and first name, other names (if any);

+          Date of birth; date of death or going missing;

+          Gender;

+          Place of birth, registered place of birth; place of permanent residence; place of temporary residence; current place of residence; hometown; contact address;

+          Nationality;

+          Personal image;

+          Phone number; ID Card number, personal identification number, passport number, driver’s license number, license plate, taxpayer identification number, social security number and health insurance card number;

+          Marital status;

+          Information about the individual’s family relationship (parents, children);

+          Digital account information; personal data that reflects activities and activity history in cyberspace;

+          Information associated with an individual or used to identify an individual other than sensitive personal data.

–           Sensitive personal data includes:

+          Political and religious opinions;

+          Health condition and personal information stated in health record, excluding information on blood group;

+          Information about racial or ethnic origin;

+          Information about genetic data related to an individual’s inherited or acquired genetic characteristics;

+          Information about an individual’s own biometric or biological characteristics;

+          Information about an individual’s sex life or sexual orientation.

+          Data on crimes and criminal activities collected and stored by law enforcement agencies;

+          Information on customers of credit institutions, foreign bank branches, payment service providers and other licensed institutions, including: customer identification as prescribed by law, accounts, deposits, deposited assets, transactions, organizations and individuals that are guarantors at credit institutions, bank branches, and payment service providers;

+          Personal location identified via location services;

+          Other specific personal data as prescribed by law that requires special protection.

>> OUTWARD INVESTMENT REGISTRATION CERTIFICATES https://linconlaw.vn/outward-investment-registration-certificates/

>> PROCEDURES FOR ISSUANCE OF ELIGIBILITY CERTIFICATE  FOR CONSTRUCTION DESIGN (ASSESSMENT), CLASS II https://linconlaw.vn/procedures-for-issuance-of-eligibility-certificate-for-construction-design-assessment-class-ii/

NEW REGULATIONS ON PERSONAL DATA PROTECTION, WHAT DO ENTERPRISES NEED TO DO?

3.         To comply with personal data protection regulations, what enterprises need to do?

Implementing regulations on personal data protection from July 1, 2023, enterprises with related activities should note:

–           To receive and process personal data complying with the correct procedures and after obtaining regulatory agreements and valid consent from the data subject. The data subject’s consent must be expressed clearly and specifically by valid methods (text, voice, checking the consent box…). Silence or non-response of the data subject is not considered consent.

–           To ensure  rights of data subjects (including rights to know; consent; access; withdraw consent; data deletion; restriction of data processing; data provision; object to data processing; complain, denounce, sue; self-defense).

–           To develop and promulgate regulations on personal data protection; To assign and designate a specialized department in charge of protecting personal data as the subject of processing.

–           To implement organizational and technical measures; Appropriate safety and security measures to prove that data processing activities have been performed; To review and update measures when necessary.

–           To record and store system logs of personal data processing.

–           To fully implement impact assessment reports on personal data processing and outbound transfer of personal data  according to regulations.

–           To notify violations and coordinate to investigate and handle violations.

Legal basis:

  • Decree 13/2023/ND-CP on personal data protection promulgated on April 17, 2023.

𝐋𝐈𝐍𝐂𝐎𝐍 𝐋𝐀𝐖 𝐅𝐈𝐑𝐌 – 𝐒𝐮𝐬𝐭𝐚𝐢𝐧𝐚𝐛𝐥𝐞 𝐜𝐨𝐨𝐩𝐞𝐫𝐚𝐭𝐢𝐨𝐧

Bình Luận

Bình Luận

Chưa có bình luận nào.

Trả lời

Email của bạn sẽ không được hiển thị công khai. Các trường bắt buộc được đánh dấu *