On August 15th, 2022, The Government issued Decree No. 53/2022/ND-CP prescribing some articles of the Cybersecurity Law, whereby, there are some new notable following contents:
Data storage in Vietnam:
– Domestic and foreign enterprises providing services on telecommunications networks, the Internet, and VAT services in cyberspace in Vietnam must store the following data in Vietnam:
+ Data on personal information of service users in Vietnam;
+ Data created by service users in Vietnam: Service account name, service time, credit card information, email address, Internet Protocol (IP) address , last logout, registered phone number associated with account or data;
+ Data on the relationship of service users in Vietnam: friends, groups with which the user connects or interacts.
The form of storage in Vietnam will be decided by the enterprise itself.
The retention period starts from the time the enterprise receives the data storage request to the end of the request. Minimum storage period is 24 months.
+ Note points in storing data, setting up branches or representative offices in Vietnam of foreign enterprises:
– Foreign enterprises engage in business activities in Vietnam in one of the following fields: Telecommunications services; storing and sharing data in cyberspace; providing national or international domain names to service users in Vietnam; e-commerce; online payment; payment intermediary; transport connection services through cyberspace; social networks and social media; online video games; services that provide, manage or operate other information in cyberspace in the form of messages, voice calls, video calls, email messages, online chats must store the data in accordance with the above provisions and set up a branch or representative office in Vietnam in case the services provided by the enterprise. In case they are used to commit acts of violating the law on cyber security and are also being notified and requested for coordination, prevention, investigation, and handling of the violation in writing by the Department of Cybersecurity and Crime Prevention High-tech technology under the Ministry of Public Security writing but fail to comply, or prevent, obstruct, disable or destroy the effect of cybersecurity protection measures taken by the specialized network security force.
This Decree takes effect from October 1st, 2022.
