Requirements for ensuring data security during national digital transformation

On November 24, the National Cyber ​​Security Association held a seminar on "Cyber ​​Security Law 2025: A step forward in protecting data security".

Lieutenant Colonel Nguyen Dinh Do Thi, Deputy Head of the Cyber ​​Security Department, Department of Cyber ​​Security and High-Tech Crime Prevention, Ministry of Public Security, said that ensuring cyber security and data security of organizations and individuals is a continuous and inseparable requirement in the process of developing science, technology, innovation and digital transformation.

The Draft Law on Cyber ​​Security 2025 identifies the State's key policies on ensuring cyber security and data security, including: Prioritizing cyber security protection in national defense, security, socio -economy , science and technology and foreign affairs; building a safe cyberspace that does not harm national security and social order; focusing resources on building specialized forces, developing high-quality human resources, promoting research and development of cyber security technology; encouraging organizations and individuals to participate in handling risks and coordinating with competent authorities; prioritizing the use of Vietnam's cyber security industry products and services; strengthening international cooperation in protecting cyber security.

According to Mr. Vu Ngoc Son, Head of the Department of Research, Consulting, Technology Development and International Cooperation, National Cyber ​​Security Association, making data security a key content in the draft law is a prominent addition and very in line with the current trend. Nowadays, data is considered as “new oil”, a strategic resource of the country. When data is appropriated, leaked or used illegally, the damage is not only economic, but can also affect national security, digital sovereignty and social trust.

The inclusion of Data Security requirements in the new Law has determined: Data must be protected as a national resource, and data-related risks must be strictly controlled. The emphasis on data security in the law reflects modern management thinking, in line with the context where data has become a vital factor for every organization. This is a strategic, timely, and necessary step because it can fill the legal gap, demonstrating Vietnam's vision in proactively creating a safe and transparent cyberspace.

“One of the new points of the Draft Law on Cyber ​​Security 2025 is to emphasize the special role and responsibility of the heads of agencies, organizations and enterprises in ensuring cyber security. According to the regulations, the heads are not only responsible for implementing protection activities within the scope of management, but also must meet the requirements on knowledge and skills related to cyber security. This regulation reflects the reality: Cyber ​​security is only truly effective when it is given priority in governance and decision-making. If the head does not understand cyber security, all strategies, processes, technical investments and personnel assignments are at risk of being just formalities or being implemented without focus,” Mr. Vu Ngoc Son shared.

Mr. Tran Cong Quynh Lan, Deputy General Director of Vietnam Joint Stock Commercial Bank for Industry and Trade (VietinBank), said that early and systematic compliance with the Law on Cyber ​​Security 2025 will help the unit become a pioneer bank in the industry in information security; creating a competitive advantage compared to banks that have not yet completed the process of monitoring and protecting data, thereby increasing trust from the State Bank, customers, and international organizations.

The speakers from agencies, businesses providing services, critical infrastructure, banks, e-commerce, etc. all shared the same view: To effectively implement the new regulations, management agencies need to promptly issue standards and technical regulations on cybersecurity. Enterprises need to proactively build a cybersecurity governance model, especially comprehensive data governance, including classification, encryption, secure storage, monitoring and incident response. People also need to raise awareness of their data rights, be cautious when sharing information and comply with legal regulations.