Protection of personal data

Preventing Violations

The Decree clearly states that personal data is information in the form of symbols, letters, numbers, images, sounds or similar forms in the electronic environment that are associated with a specific person or help identify a specific person. Personal data includes basic personal data and sensitive personal data .
Basic personal data includes: Surname, middle name and birth name, other names (if any); date of birth; date of death or disappearance; gender; place of birth, place of birth registration, permanent residence, temporary residence, current residence, hometown, contact address; nationality; personal image; phone number, identity card number, personal identification number, passport number, driver's license number, license plate number, personal tax code number, social insurance number, health insurance card number; marital status; information about family relationships (parents, children); information about personal digital accounts; personal data reflecting activities and history of activities on cyberspace; other information associated with a specific person or helping to identify a specific person.

Citizen identification cards store a lot of personal data

Sensitive personal data is personal data related to the privacy of an individual that, when violated, will directly affect the legitimate rights and interests of an individual, including: Political views, religious views; health status and privacy recorded in medical records, excluding information about blood type; information related to racial origin, ethnic origin; information about inherited or acquired genetic characteristics of an individual; information about physical attributes, biological characteristics of an individual; information about sexual life, sexual orientation of an individual...

The law prohibits the buying and selling of personal data.

Personal data protection is the activity of preventing, detecting, stopping and handling violations related to personal data according to the provisions of law.

Measures to protect personal data

The Decree clearly states that personal data protection measures are applied from the beginning and throughout the process of processing personal data.

Measures to protect personal data include: Management measures implemented by organizations and individuals involved in processing personal data; Technical measures implemented by organizations and individuals involved in processing personal data; Measures implemented by competent state management agencies in accordance with the provisions of this Decree and relevant laws; Investigation and prosecution measures implemented by competent state agencies; Other measures as prescribed by law.

Basic personal data protection is to apply the above personal data protection measures; develop and promulgate regulations on personal data protection, clearly stating the tasks to be performed according to the provisions of this Decree. Encourage the application of personal data protection standards appropriate to the fields, professions, and activities related to personal data processing. Check the network security of systems, means, and equipment serving personal data processing before processing, delete irreversibly, or destroy devices containing personal data.

Protecting sensitive personal data means applying the above basic personal data protection and protection measures; designating a department with the function of protecting personal data, designating personnel in charge of protecting personal data, and exchanging information about the department and individuals in charge of protecting personal data with the agency specializing in protecting personal data...

Personal Data Protection Authority

The Decree clearly states that the agency responsible for protecting personal data is the Department of Cyber ​​Security and High-Tech Crime Prevention and Control - Ministry of Public Security , responsible for assisting the Ministry of Public Security in performing state management of personal data protection.

National portal on personal data protection: Providing information on the Party's guidelines, policies, and the State's laws on personal data protection; disseminating and popularizing policies and laws on personal data protection; updating information and the status of personal data protection; receiving information, records, and data on personal data protection activities via cyberspace; providing information on the results of personal data protection assessment of relevant agencies, organizations, and individuals.

In addition, the National Portal on Personal Data Protection receives notifications of violations of regulations on personal data protection; warns and coordinates warnings about risks and acts of personal data infringement in accordance with the law; handles violations of personal data protection in accordance with the law; and performs other activities in accordance with the law on personal data protection.

Conditions for ensuring personal data protection activities

The personal data protection force includes: The personal data protection force is arranged at the agency specializing in personal data protection; The department and personnel with the function of protecting personal data are assigned in the agency, organization, and enterprise to ensure the implementation of regulations on personal data protection; Organizations and individuals are mobilized to participate in personal data protection; The Ministry of Public Security develops specific programs and plans to develop human resources for personal data protection.

Agencies, organizations and individuals are responsible for disseminating knowledge and skills, and raising awareness of personal data protection for agencies, organizations and individuals.

Ensure facilities and operating conditions for the agency responsible for protecting personal data.

‎