The Ministry of Public Security proposes the development of a Law on Personal Data Protection

1. Draft Decree on the controlled sandbox mechanism for financial technology (Fintech) activities

The draft Decree clearly states that the selection process for organizations participating in the Sandbox Mechanism will be based on the following basic principles:

  • Fair, objective and transparent selection.
  • Clear and transparent criteria and selection procedures.
  • Participation in the Sandbox Mechanism does not guarantee official licensing. 
  • The experimental solution must be within the prescribed field.
  • The State Bank of Vietnam will decide the number of participating organizations based on its capacity for review and supervision.
  • The number of approved organizations will be made public.
  • Fintech solutions in the banking sector that are allowed to be tested: Credit scoring, data sharing through Open API, P2P lending
  • Issuing certificates for solutions that are innovative, beneficial and have added value.

Credit institutions will be considered for the Certificate of Participation in the Sandbox Mechanism if their solutions meet the following criteria:

  • The new solutions are not yet regulated by specific laws. 
  • Demonstrate creativity and bring benefits to service users, especially supporting financial inclusion.
  • Have a reasonable risk management and handling framework.
  • Have been fully evaluated for functionality and usefulness.
  • Feasible to be offered to the market after the trial period.

A Fintech company will be considered for the issuance of a Sandbox Participation Certificate if its solution meets the aforementioned criteria and satisfies the following conditions:

  • The company is legally incorporated in Vietnam, not undergoing any changes.
  • The company is not a credit institution under special control according to the law.
  • The legal representative of the company with a university degree in economics, business administration, law, or information technology, and has at least 2 years of management experience in the financial or banking sector.

2. The Ministry of Public Security proposes the development of a Law on Personal Data Protection

The Ministry of Public Security proposes the development of a Law on Personal Data Protection to meet the requirements of protecting personal data rights; prevent acts of personal data infringement, affecting the rights and interests of individuals and organizations; and improve the responsibilities of agencies, organizations, and individuals.

Specifically, the law will unify terminology and establish a number of important concepts related to Personal Data, Personal Data Protection; establish principles for Personal Data Protection; stipulate regulations on handling violations of Personal Data Protection regulations; rights and obligations of data subjects; consent of data subjects; regulations on Personal Data Protection in cases where the consent of the data subject is not required.

Moreover, the law also intends to stipulate more clearly the conditions for protecting personal data for organizations providing personal data processing services; services providing organizations and personnel for personal data protection (DPO); measures to protect personal data, and conditions for ensuring personal data protection activities.

The law also aims to perfect regulations to ensure conditions, measures to protect personal data, the specialized agency for personal data protection, the National Portal for Personal Data Protection, and the force for personal data protection.

Download the legal update as a PDF here.

Share: share facebook share twitter share linkedin share instagram

Find out how we can help your business


    Send Contact
    Call Us
    This site is registered on as a development site.