The ministry of public security in Vietnam has opened its draft decree on personal data protection to public consultation. 

The proposed law will cover all domestic and foreign organisations, enterprises and individuals doing business in Vietnam.

A general principle is that sensitive personal data should not be disclosed to others as it would harm a data subject’s legitimate interests.

However, there are exceptions. Personal data may be processed without the data subject’s consent in the interest of national security, social order and safety; in a life-threatening situation, a health or other emergency; criminal investigations; instances covered by international agreements or treaties; and for scientific research or gathering statistics.

Proposed fines for breaches range from VND50m to VND100m, depending on the nature of the offence. 

But in cases where a personal data processor violates the law many times with serious consequences, the fine could be up to 5% of the processor’s total revenue in Vietnam.

The proposed decree has six chapters and 30 articles covering personal data processing and protection measures, handling personal data breaches, the responsibility of agencies, organisations and individuals to protect personal data, and a personal data protection committee.

The deadline for comments is 8 April.