How does Blancco Help Organizations Comply with the Vietnam Personal Data Protection Decree?

This historical shift in data protection includes mandates for the destruction of personal data. Here’s how Blancco helps your organization meet the Vietnam decree’s requirements.

What is the Vietnam PDPD—and who must comply?

The Vietnam Personal Data Protection Decree (“PDPD,” also referred to as “Decree No.13/2023/ND”) is Vietnam’s first comprehensive legislative document governing how personal data is protected. Previously, data protection requirements were spread out over different laws and mandates.

The Vietnamese PDPD has been in effect since July 1, 2023, for agencies, organizations, and individuals that are:

  • native or foreign in Vietnam,
  • Vietnamese and operating abroad, and
  • foreign, but directly participating in, or related to, personal data processing activities in Vietnam.

What does the PDPD Cover?

The Personal Data Protection Decree lays out requirements for data processors and controllers, providing critical data safeguards for more than 97 million people1.

Some of those safeguards relate to the deletion and destruction of personal data. For instance, the Vietnam PDPD requires data deletion or destruction within several personal data protection principles from Article 3 of the decree, as well as others.

The Vietnam decree for personal data protection also gives data subjects a “right to delete” personal data. In most cases, data processors and controllers must act on this right within 72 hours of receiving the request.

This puts a responsibility on organizations to know what data should be deleted, when, and the best way to ensure and prove compliance to data subjects and regulators.

1 Vietnam’s Personal Data Protection Decree: Overview, Key Takeaways, and Context – Future of Privacy Forum (fpf.org)

Download our solution brief.

Ensure Vietnam PDPD data deletion compliance.

Learn how with a free enterprise data erasure trial.