VIETNAM Law and Practice Contributed by: Thang Nguyen, Minh Nguyen and Nguyet Le, ACSV Legal
Although registration is not mandatory, it is rec - ommended for legal certainty. 7.5 Others Software is protected as a “computer program” under Vietnamese IP law and qualifies for cop - yright as a literary work, regardless of format. Trade secrets, protected as industrial property, require confidentiality and legal acquisition, without formal registration. Databases may be protected only if they qualify as copyrightable works or trade secrets. Although Vietnam has improved its IP frame - work, enforcement remains a concern due to limited infrastructure and capacity, affecting investor confidence. Effective from 1 July 2023, Decree 13/2023/ND- CP introduced Vietnam’s first comprehensive personal data protection (PDP) framework. Key provisions include: • classification of personal data into basic and sensitive; • legal bases for data processing without con - sent; • requirements on consent forms, response timelines, encryption, data protection officers, and cross-border data transfer registration; • mandatory impact assessments; • data subjects’ rights (access, correction, deletion, objection and portability); • specific cases allowing data processing without consent (eg, emergencies, national security and contractual obligations); and 8. Data Protection 8.1 Applicable Regulations
• special rules for children’s data, requiring dual consent from the child (age 7+) and parent/ guardian. The Data Law is distinct from the Personal Data Protection Law (PDPL). The PDPL primarily focuses on personal data, covers a wide range of areas, including marketing services, behav - ioural advertising, big data processing, AI, cloud computing, employee monitoring and recruit - ment, financial banking and credit information, healthcare, insurance, social network and com - munication services through cyberspace and more. The PDPL was enacted on 26 June 2025 and will take effect on 1 January 2026. 8.2 Geographical Scope Under the Data Law, when transferring and pro - cessing important data and core data across borders, such transferring and processing must satisfy certain requirements, including ensur - ing national defence, security, and protecting national interests, public interest, as well as the rights and legitimate interests of data subjects and data owners in accordance with the laws and international treaties to which Vietnam is a signatory. Decree 13 binds foreign and local companies based in Vietnam to the same standards of pro - tection. Decree 13, however, does not directly apply to offshore companies. However, when there is a cross-border transfer of data, Decree 13 requires the transferor to submit the contact details of the transferee to the Ministry of Public Security (MPS). 8.3 Role and Authority of the Data Protection Agency The MPS and its Department of Cybersecurity and Hi-tech Crime Prevention (A05) are in charge
921 CHAMBERS.COM
Powered by FlippingBook