In the era of digital transformation, protecting personal data is not only a legal responsibility but also a key factor in sustaining a company’s reputation and long-term success. Uncontrolled collection, storage, processing, and sharing of personal data can lead to serious legal, financial, and reputational risks.
Legal Framework in Vietnam
Personal data refers to any information, digital or otherwise, that identifies or can help identify a specific individual. It is divided into two main categories:
Basic personal data: Commonly used identifiers such as name, date of birth, gender, permanent address, nationality, photo, phone number, ID or passport number, tax code, and social insurance number.
Sensitive personal data: Information closely linked to privacy—such as political or religious beliefs, health status, racial or ethnic origin, or criminal records—that, if exposed, could harm an individual’s rights or interests.
A data subject is any individual whose personal data is being processed by another entity.
Data processing covers any operation on personal data—collection, analysis, aggregation, encryption, decryption, modification, deletion, anonymization, disclosure, or transfer.
Personal Data Controller” refers to an organization or individual that decides purposes and means of processing personal data.
Example: An e-commerce company collecting customer information (name, phone, address) for delivery and marketing.
“Personal Data Processor” refers to an organization or individual that processes data on behalf of the Personal Data Controller via a contract or agreement with the Personal Data Controller.
Example: An IT service provider offering data storage without deciding how the data is used.
“Personal Data Controller-cum-Processor” refers to an organization or individual that jointly decides purposes and means, and directly processes personal data.
Example: An e-commerce company that both collects and uses customer data for promotions and user experience improvements.
“Third Party” refers to an organization or individual other than the data subject, Personal Data Controller, Personal Data Processor, and Personal Data Controller-cum-Processor that is permitted to process personal data.
Example: A tax authority receiving transaction data from a bank under legal obligation.
Depending on business operations, an organization can play multiple roles simultaneously.
Conclusion
In today’s rapidly digitalizing era, personal data protection is not only a legal responsibility but also a critical factor for maintaining a company’s reputation and ensuring its sustainable growth.
Uncontrolled collection, storage, processing, and sharing of personal data can lead to serious legal, financial, and reputational risks. Therefore, businesses must take a proactive approach by developing and implementing a comprehensive data governance strategy that ensures compliance, security, and long-term trust.
TPM is proud to be an agency that provides full and excellent services in accounting, tax, HR & advisory services in Vietnam in nowadays business finance market.
TPM TAX AGENCY & CONSULTING CORPORATION
Tax Number: 0312787706
Feel free to contact & reach us!
Address: 102 Phung Van Cung Street, Cau Kieu Ward, Ho Chi Minh City
Email : htdn@tpm.com.vn
Hotline : +84 28 3505 1800