DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

๐Ÿ‡ป๐Ÿ‡ณ Vietnam

PDPD

Personal Data Protection Decree (Decree 13/2023)

In short
Vietnam's PDPD requires clear, informed and affirmative prior consent for most processing. Consent must be expressed in a way that can be printed or recorded, and silence or non-action does not count as consent.
Region

Vietnam

Status

In force since July 2023

Group

Asia & Africa

Who must comply

Agencies, organizations and individuals that process personal data of people in Vietnam, including foreign parties processing such data.

Penalties

Penalties are set by implementing rules and can include administrative fines, with proposals for fines up to 5% of prior-year revenue for serious violations.

Key obligations

  • Obtain clear, affirmative and recorded prior consent
  • Provide notice of purpose before processing
  • Honor access, correction, deletion and withdrawal rights
  • Carry out and file impact assessment dossiers
  • Meet cross-border transfer assessment requirements

How ConsentX helps

Affirmative, recorded opt-in consent capture

Prior-script blocking before processing

Withdrawal and rights request workflow

Consent receipts and evidence dossiers

Region rule engine tuned for Vietnam

Get PDPD ready with ConsentX

Get started free Book a demo

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with PDPD using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under PDPD.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that PDPD requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a PDPD audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Does Vietnam's decree allow implied consent?+

No. Consent must be clear and affirmative, and silence or non-action does not count as valid consent.

What records does Vietnam's PDPD require?+

Consent must be in a form that can be printed or reproduced, and controllers must prepare impact assessment dossiers.

Countries under PDPD

๐Ÿ‡ป๐Ÿ‡ณ Viแป‡t Nam

Other regulations

๐Ÿ‡ช๐Ÿ‡บ GDPR๐Ÿ‡ฌ๐Ÿ‡ง UK GDPR๐Ÿ‡บ๐Ÿ‡ธ CCPA / CPRA๐Ÿ‡บ๐Ÿ‡ธ VCDPA๐Ÿ‡บ๐Ÿ‡ธ Colorado CPA๐Ÿ‡บ๐Ÿ‡ธ CTDPA๐Ÿ‡บ๐Ÿ‡ธ UCPA๐Ÿ‡บ๐Ÿ‡ธ TDPSA๐Ÿ‡บ๐Ÿ‡ธ Oregon OCPA๐Ÿ‡บ๐Ÿ‡ธ Montana MCDPA๐Ÿ‡บ๐Ÿ‡ธ Florida FDBR๐Ÿ‡ง๐Ÿ‡ท LGPD๐Ÿ‡จ๐Ÿ‡ฆ PIPEDA๐Ÿ‡ฎ๐Ÿ‡ณ DPDPA๐ŸŒ PDPA๐Ÿ‡ฟ๐Ÿ‡ฆ POPIA๐Ÿ‡จ๐Ÿ‡ญ FADP๐Ÿ‡จ๐Ÿ‡ฆ Law 25๐Ÿ‡ฒ๐Ÿ‡ฝ LFPDPPP๐Ÿ‡ฆ๐Ÿ‡ท PDPL๐Ÿ‡จ๐Ÿ‡ฑ Law 21.719๐Ÿ‡จ๐Ÿ‡ด Law 1581๐Ÿ‡ต๐Ÿ‡ช Law 29733๐Ÿ‡บ๐Ÿ‡พ Law 18.331