1. The importance of personal data protection
For any individual or organization, the protection of personal data is extremely important. In fact, allowing data to be stolen can cause heavy financial losses. Therefore, individuals and organizations need to have thorough protection measures to prevent data theft. Thereby protecting data integrity, and maintaining costs to ensure maximum efficiency of data security.
The protection of personal data, and prevention of personal data infringement will bring the following benefits to individuals and organizations:
– Prevent data theft.
– Data integrity protection.
– Maintain the cost of meeting data security requirements.
– Privacy protection.
– Comply with legal regulations on data privacy.
2. Rights of data subjects
In order to be able to protect your personal data, knowing the regulations on personal data is one of the most important activities. In particular, understanding the rights of data subjects is one of the prerequisite activities in personal data protection.
Specifically, according to the provisions of Article 9 of the Government’s Decree No. 13/2023/ND-CP dated April 17, 2023, the rights of data subjects in personal data regulations include:
1. Right to know
The data subject is made aware of the processing of his/her personal data, unless otherwise provided for by law.
2. Right to consent
Data subjects may or may not consent to the processing of their personal data, except for the case specified in Article 17 of this Decree.
3. Right of Access
Data subjects are entitled to access to view, correct, or request correction of their personal data, unless otherwise provided by law.
4. Right to withdraw consent
Data subjects are entitled to withdraw their consent unless otherwise provided by law.
5. Right to erasure
The data subject is entitled to delete or request the erasure of his/her personal data unless otherwise provided by law.
6. Right to restriction of data processing
a) Data subjects are required to restrict the processing of their personal data unless otherwise provided for by law;
b) The restriction of data processing shall be implemented within 72 hours after the request of the data subject, for all personal data requested by the data subject, unless otherwise provided for by law.
7. Right to data provision
The data subject may request the Personal Data Controller, the Personal Data Controller, and the Personal Data Processor to provide themselves with his/her personal data unless otherwise provided for by law.
8. Right to object to processing
a) Data subjects may object to the Personal Data Controller, Personal Data Controller, and Processor processing their personal data in order to prevent or restrict disclosure of personal data or use for advertising or marketing purposes unless otherwise provided for by law;
b) Personal data controllers and personal data controllers and processors shall comply with the data subject’s request within 72 hours after receiving the request unless otherwise provided for by law.
9. Right to complain, denounce, and initiate lawsuits
Data subjects have the right to lodge complaints, denunciations or initiate lawsuits in accordance with the provisions of law.
10. Right to claim damages
Data subjects have the right to claim compensation in accordance with the law when a violation of their personal data protection regulations occurs unless otherwise agreed by the parties or otherwise provided for by law.
11. Right to self-protection
Data subjects have the right to self-protection in accordance with the provisions of the Civil Code, other relevant laws, and this Decree, or request competent agencies or organizations to take measures to protect civil rights as prescribed in Article 11 of the Civil Code.
3. Data subject’s consent
In addition to the provisions on the rights of data subjects, in the process of protecting personal data, the consent of the data subject is also one of the important provisions of the personal data regulation. Specifically, according to the provisions of Article 11 of the Government’s Decree No. 13/2023/ND-CP dated April 17, 2023, the consent of data subjects in the regulation on personal data is stipulated as follows:
1. The data subject’s consent shall apply to all activities in the processing of personal data unless otherwise provided for by law.
2. The data subject’s consent shall only take effect when the data subject voluntarily and is aware of the following:
a) Type of personal data processed;
b) Purpose of processing personal data;
c) Organizations and individuals entitled to process personal data;
d) Rights and obligations of data subjects.
3. The consent of the data subject must be clearly and specifically expressed in writing, or voice, by ticking the consent box, consent syntax via message, selecting consent technical settings, or through another action demonstrating this.
4. Consent must be conducted for the same purpose. Where there are multiple purposes, the Personal Data Controller, Personal Data Controller, and Processor list the purposes for which the data subject has consented to one or more of the stated purposes.
5. The consent of the data subject must be expressed in a format that can be printed or reproduced in writing, including in electronic or verifiable format.
6. The silence or non-response of the data subject is not considered consent.
7. Data subjects may give their consent in part or with attached conditions.
8. For the processing of sensitive personal data, the data subject must be informed that the data to be processed is sensitive personal data.
9. The data subject’s consent shall be valid until the data subject decides otherwise or upon written request by a competent state authority.
10. In the event of a dispute, the responsibility for proving the data subject’s consent rests with the Personal Data Controller, the Personal Data Controller, and the processor.
11. Through authorization under the provisions of the Civil Code, organizations and individuals may carry out procedures related to the processing of personal data of data subjects on behalf of data subjects with the Personal Data Controller and the Personal Data Controller and the Controller and the processing of personal data in cases where the data subject is aware and co-existent Italy as prescribed in Clause 3 of this Article, unless otherwise provided for by law.
4. Right to withdraw consent to data processing
In addition to the data subject’s consent in the personal data regulations, the personal data owner also has the right to withdraw consent to data processing in order to protect his or her personal data. According to the regulations on personal data, specifically Article 12 of the Government’s Decree No. 13/2023/ND-CP dated April 17, 2023, the right to withdraw consent to data processing is stipulated as follows:
1. The withdrawal of consent does not affect the lawfulness of the processing of data that was consented prior to the withdrawal of consent.
2. The withdrawal of consent must be expressed in a format that can be printed or copied in writing, including in electronic or verifiable format.
3. Upon receiving a request to withdraw consent from a data subject, the Personal Data Controller, the Personal Data Controller, and the Personal Data Processor shall notify the data subject of the consequences and damages that may occur when the consent is withdrawn.
4. After implementing the provisions of Clause 2 of this Article, the Data Controller, Data Processor, Data Controller and Processor, and the Third Party shall cease and request relevant organizations and individuals to stop processing data of data subjects whose consent has been withdrawn.
5. When is it possible to process data without the data subject’s consent?
According to the law in general and the regulation on personal data in particular, in order to protect personal data of data subjects, the law has stipulated, that there will be some cases in which data can be processed without the consent of the data subject.
Specifically, according to the provisions of Article 17 of the Government’s Decree No. 13/2023/ND-CP dated April 17, 04, it is possible to process data without the consent of the data subject in the following cases:
1. In case of emergency, relevant personal data should be immediately processed to protect the life and health of data subjects or others. Personal Data Controller, Personal Data Processor, Personal Data Controller and Processor, Third Party are responsible for proving this case.
2. The disclosure of personal data in accordance with the provisions of law.
3. The processing of data by competent state agencies in case of national defense and security emergencies, social order and safety, major disasters, or dangerous epidemics; when there is a threat to national security or defense but not to the extent of declaring a state of emergency; preventing and combating riots, terrorism, preventing and combating crimes and violations of law in accordance with the provisions of law.
4. To perform the data subject’s contractual obligations with relevant agencies, organizations, and individuals in accordance with law.
5. To serve the operation of state agencies prescribed by specialized laws.
6. Consultancy to protect the rights of individuals/organizations with unauthorized data collection and processing
Established in 2016, Apolat Legal is a licensed law firm specializing in providing a wide range of legal services across a wide range of professional fields and clients, from domestic to foreign. The Company is committed to solving business legal issues in the most thorough and beneficial way for diverse clients throughout the territory of Vietnam.
For personal data issues in general and especially in consulting to protect the rights of individuals/organizations with unauthorized data collection and processing, with a team of experienced, knowledgeable lawyers along with the dedication of the profession, Apolat Legal always ensures to bring the best advice and support to clients.
In addition to a solid knowledge of law, Apolat Legal’s lawyers also master the knowledge of economics and business operations. From there, understand the needs and problems that businesses face. From there, when supporting customers, Apolat Legal will combine both legal solutions and economic solutions to bring the most optimal benefits to customers both legally and economically as well as effectively apply them internally to each business.
In particular, with extensive experience in consulting to protect the rights of individuals/organizations with unauthorized data collection and processing, Apolat Legal will give the most accurate and detailed advice in the process of consulting, and personal data protection as well as offer solutions, in order to fully ensure the legitimate rights and interests of individuals and organizations for acts of unauthorized data collection and processing.
The above is detailed advice about the rights of individuals to their data collected and managed by other organizations of Apolat Legal to readers. Currently, in the field of personal data in general and especially in the protection of personal data, understanding the regulations on personal data is one of the most important activities.
If you encounter any difficulties or problems, readers can learn more about Apolat Legal’s regular legal consultancy service for businesses here.
Disclaimers:
This article is for general information purposes only and is not intended to provide any legal advice for any particular case. The legal provisions referenced in the content are in effect at the time of publication but may have expired at the time you read the content. We therefore advise that you always consult a professional consultant before applying any content.
For issues related to the content or intellectual property rights of the article, please email cs@apolatlegal.vn.
Apolat Legal is a law firm in Vietnam with experience and capacity to provide consulting services related to Intellectual Property Rights and contact our team of lawyers in Vietnam via email info@apolatlegal.com.
