National Assembly deputies approved the Law on Personal Data Protection. Photo: QUANG PHUC
Previously, presenting a report explaining, accepting and revising the draft Law, Chairman of the National Defense, Security and Foreign Affairs Committee Le Tan Toi said that the majority of opinions agreed on the necessity of promulgating the law.
Many comments were made on the scope of regulation and subjects of application, interpretation of terms, principles of personal data protection, application of law, prohibited conduct, handling of violations and international cooperation. In response to comments from National Assembly deputies, the draft revised the concept of “personal data” and added definitions of “basic personal data”, “sensitive personal data”, “protection of personal data”, and “assessment of the impact of personal data processing”.
The draft law also revises the regulation prohibiting the buying and selling of personal data; redesigns the regulation on handling violations of the law on personal data protection according to the nature, level, and consequences of the violation.
Specifically: for the act of buying and selling personal data, the fine can be up to 10 times the revenue from the violation; for the act of violating the regulations on transferring personal data across borders, the maximum fine is 5% of the revenue of the previous year; for other violations, the maximum fine is 3 billion VND; for individuals, the fine is half that of organizations.
Chairman of the National Assembly's Committee on National Defense, Security and Foreign Affairs Le Tan Toi presented a report explaining, accepting and revising the draft Law on Personal Data Protection on the morning of June 26. Photo: QUANG PHUC
Regarding the protection of personal data during the processing and use of personal data, the draft has strictly regulated the mechanism for implementing the rights of data subjects, personal data processing activities, specifically: collecting, analyzing, synthesizing, encoding, decoding, editing, deleting, destroying, de-identifying, providing, publicizing, transferring personal data and other activities affecting personal data, cases of processing personal data without the consent of the data subject...
The Law stipulates that the personal data protection force includes: The agency in charge of personal data protection under the Ministry of Public Security ; the department and personnel for personal data protection in agencies and organizations; organizations and individuals providing personal data protection services; organizations and individuals mobilized to participate in personal data protection.
In order to reduce the burden of legal compliance, the draft law has added a provision that small businesses and startups have the right to choose whether or not to comply with the regulations on preparing impact assessment records, designating departments and personnel to protect personal data within 5 years from the effective date of the law and exempts business households and micro-enterprises from compliance.
The law comes into effect on January 1, 2026.
Prohibited acts related to personal data:
1. Processing personal data to oppose the Socialist Republic of Vietnam, affecting national defense, national security, social order and safety, and the legitimate rights and interests of agencies, organizations and individuals.
2. Obstructing personal data protection activities.
3. Taking advantage of personal data protection activities to commit illegal acts.
4. Processing personal data contrary to the provisions of law.
5. Using other people's personal data, allowing others to use your personal data to commit acts contrary to the provisions of law.
6. Buying and selling personal data, except where otherwise provided by law.
7. Appropriation, intentional disclosure or loss of personal data.
PHAN THAO
Source: https://www.sggp.org.vn/cam-chiem-doat-co-y-lam-lo-lam-mat-du-lieu-ca-nhan-post801161.html
Comment (0)