In many countries, the personal data processing is regulated by data protection laws, such as GDPR (General Data Protection Regulation) in the European Union. In Vietnam, these regulations also set certain requirements for organizations and enterprises within the scope of regulation to ensure transparency, user consent, and data security. So, what is general personal data and the responsibilities of the Data Controller?
1. What is general personal data?
Personal data refers to electronic information in the form of symbols, letters, numbers, images, sounds, or equivalences associated with an individual or used to identify an individual. The personal data includes general personal data and sensitive personal data.
General personal data includes:
– Last name, middle name and first name, other names (if any);
– Date of birth; date of death or going missing;
– Gender;
– Place of birth, registered place of birth; place of permanent residence; place of temporary residence; current place of residence; hometown; contact address;
– Nationality;
– Personal image;
– Phone number; ID Card number, personal identification number, passport number, driver’s license number, license plate, taxpayer identification number, social security number and health insurance card number;
– Marital status;
– Information about the individual’s family relationship (parents, children);
– Digital account information; personal data that reflects activities and activity history in cyberspace;
– Information associated with an individual or used to identify an individual other than sensitive personal data.
2. Who is responsible for protecting basic personal data?
Objects requiring compliance with regulations on personal data protection include Vietnamese and foreign agencies, organizations and individuals directly participating or related to personal data processing activities in Vietnam. Specifically:
– Personal Data Controller refers to an organization or individual that decides purposes and means of processing personal data.
– Personal Data Processor refers to an organization or individual that processes data on behalf of the Personal Data Controller via a contract or agreement with the Personal Data Controller.
– Personal Data Controller-cum-Processor refers to an organization or individual that jointly decides purposes and means, and directly processes personal data.
– Third Party refers to an organization or individual other than the data subject, Personal Data Controller, Personal Data Processor, and Personal Data Controller-cum-Processor that is permitted to process personal data.
>> PROCEDURES FOR ISSUANCE OF ELIGIBILITY CERTIFICATE FOR CONSTRUCTION EXECUTION CLASS II https://linconlaw.vn/procedures-for-issuance-of-eligibility-certificate-for-construction-execution-class-ii/
>> COMPANY PAYS SALARY IN FOREIGN CURRENCY, PERMITTED OR NOT? https://linconlaw.vn/company-pays-salary-in-foreign-currency-permitted-or-not/
3. Responsibilities of the Personal Data Controller to general personal data
– To apply basic personal data protection measures, to:
+ Apply management measures and technical measures related to personal data processing;
+ Develop and promulgate regulations on personal data protection, clearly stating what needs to be execute.
+ Encourage the application of personal data protection standards appropriate to the fields, industries, and activities related to personal data processing.
+ Check network security for systems and means and equipment serving personal data processing before processing, irreversibly deleting or destroying devices containing personal data.
– Implement organizational and technical measures and appropriate safety and security measures to prove that the personal data is processed in accordance with regulations of the law on protection of personal data, review and update these measures when necessary.
– Record and store log of the processing of personal data.
– Notify violations against regulations on protection of personal data according to regulations.
– Select an appropriate Personal Data Processor with specific tasks and only work with the Personal Data Processor that has appropriate measures for protecting personal data.
– Ensuring the rights of data subjects according to regulations, including:
+ Right to know;
+ To agree;
+ To access;
+ To withdraw consent;
+ To delete data;
+ To lmit data processing;
+ To provide data;
+ Object to data processing;
+ To implement complaints, denunciations, lawsuits;
+ Self-protection.
– Be responsible to the data subject for damage caused by the processing of personal data.
– Cooperate with the Ministry of Public Security and competent authorities in protecting personal data and providing information serving investigation and handling of violations against the law on protection of personal data.
Legal basis:
- Decree 13/2023/ND-CP on personal data protection promulgated on April 17, 2023.
𝐋𝐈𝐍𝐂𝐎𝐍 𝐋𝐀𝐖 𝐅𝐈𝐑𝐌 – 𝐒𝐮𝐬𝐭𝐚𝐢𝐧𝐚𝐛𝐥𝐞 𝐜𝐨𝐨𝐩𝐞𝐫𝐚𝐭𝐢𝐨𝐧
- In Hanoi: 4F Sudico Tower, Me Tri street, My Dinh 1 ward, Nam Tu Liem district, Hanoi city.
- In HCMC: 272 Do Phap Thuan, An Phu ward, Thu Duc city, Ho Chi Minh city.
- Website: http://linconlaw.vn/
- Email: Lawyer@linconlaw.vn
- Facebook: https://www.facebook.com/Linconlawfirmm
- Linkedln: linkedin.com/in/lincon-law-firm-100b96201
- Hotline: +84.987.733.358