Preventing violations
The decree clarifies that personal data is information in the form of symbols, writing, numbers, images, sounds, or similar forms in an electronic environment that is associated with or helps to identify a specific person. Personal data includes basic personal data and sensitive personal data .
Basic personal data includes: Surname, middle name and given name, other names (if any); date of birth; date of death or disappearance; gender; place of birth, place of birth registration, permanent residence, temporary residence, current residence, hometown, contact address; nationality; personal image; phone number, national identity card number, personal identification number, passport number, driver's license number, vehicle license plate number, personal tax code, social insurance number, health insurance card number; marital status; information about family relationships (parents, children); information about the individual's digital account; personal data reflecting activity and activity history on the internet; other information associated with or helping to identify a specific person.
The national identity card stores a lot of personal data.
Sensitive personal data is personal data linked to an individual's privacy that, if violated, would directly affect the individual's legitimate rights and interests, including: political and religious views; health and personal information recorded in medical records (excluding blood type information); information related to racial and ethnic origin; information about inherited or acquired genetic characteristics; information about an individual's physical attributes and unique biological characteristics; information about an individual's sex life and sexual orientation, etc.
The law strictly prohibits the buying and selling of personal data.
Personal data protection is the activity of preventing, detecting, stopping, and handling violations related to personal data in accordance with the law.
Personal data protection measures
The decree states that measures to protect personal data are applied from the very beginning and throughout the entire process of handling personal data.
Personal data protection measures include: Management measures implemented by organizations and individuals involved in processing personal data; Technical measures implemented by organizations and individuals involved in processing personal data; Measures implemented by competent state management agencies in accordance with the provisions of this Decree and relevant laws; Investigation and prosecution measures implemented by competent state agencies; and other measures as prescribed by law.
Basic personal data protection involves applying the aforementioned personal data protection measures; developing and promulgating regulations on personal data protection, clearly outlining the actions required under this Decree. It encourages the application of personal data protection standards appropriate to the field, industry, and activities related to personal data processing. Cybersecurity checks should be conducted on systems and equipment used for processing personal data before processing, permanently deleting, or destroying devices containing personal data.
Protecting sensitive personal data involves implementing the aforementioned basic personal data protection measures; designating a department responsible for personal data protection, appointing personnel in charge of personal data protection, and exchanging information about the department and individuals responsible for personal data protection with the specialized personal data protection agency…
The agency responsible for protecting personal data.
The decree clearly states that the specialized agency responsible for protecting personal data is the Cyber Security and High-Tech Crime Prevention Department of the Ministry of Public Security , which is responsible for assisting the Ministry of Public Security in carrying out state management of personal data protection.
National portal on personal data protection: Provides information on the Party's guidelines, policies, and the State's laws on personal data protection; disseminates policies and laws on personal data protection; updates information on the situation of personal data protection; receives information, documents, and data on personal data protection activities via cyberspace; provides information on the results of evaluating the personal data protection work of relevant agencies, organizations, and individuals.
In addition, the National Portal on Personal Data Protection receives notifications of violations of regulations on personal data protection; warns and coordinates warnings about risks and acts of personal data infringement as prescribed by law; handles violations of personal data protection as prescribed by law; and carries out other activities as prescribed by law on personal data protection.
Conditions for ensuring the protection of personal data.
The personal data protection force includes: a dedicated personal data protection force stationed at a specialized personal data protection agency; departments and personnel with the function of protecting personal data designated within agencies, organizations, and businesses to ensure compliance with personal data protection regulations; organizations and individuals mobilized to participate in personal data protection; and the Ministry of Public Security developing specific programs and plans to develop human resources for personal data protection.
Agencies, organizations, and individuals are responsible for disseminating knowledge and skills, and raising awareness about protecting personal data among agencies, organizations, and individuals.
Ensuring adequate infrastructure and operating conditions for specialized agencies responsible for protecting personal data.
Source
![[Photo] President Luong Cuong and his wife offer incense at the statue of King Ly Thai To and Ngoc Son Temple.](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2026/02/08/1770526632222_ndo_br_1-jpg.webp)
Comment (0)