According to Decree No. 53/2022/ND-CP, foreign and domestic enterprises that provide services on telecommunications networks, the Internet, and the value-added service (VAS) in cyberspace in Vietnam shall retain the following data in Vietnam (the form of retention shall be decided by such enterprises):
- Data on personal information of service users in Vietnam;
- Data created by service users in Vietnam: account names, service use time, information on credit cards, emails, IP addresses of the last login or logout session, and registered phone numbers in association with accounts or data;
- Data on relationships of service users in Vietnam: friends and groups such users have connected or interacted with.
The data retention period shall start when enterprises receive requests on the data retention until the end of the period prescribed in such requests; the minimum retention duration is 24 months.
According to regulations prescribed in Clause 3 Article 26 of the Law on Cybersecurity 2018 of Vietnam, data retention is mandatory for the above-mentioned enterprises that collect, use, analyze and process:
- Data on personal information;
- Data on relationships of service users;
- Data created by service users in Vietnam.
Decree No. 53/2022/ND-CP comes into force as of October 1, 2022.
>> CLICK HERE TO READ THE ARTICLE IN VIETNAMES
Above are the summary and notification of new documents for customers of THU VIEN PHAP LUAT. For more information, please send an email to mailto:[email protected].
3.601