PDPD Compliance

Our starting point is to map out the data flows in your business : Where does data come from, where is it processed internally, to which third party is shared ?

The Record of Processing Activities is a document compiling all of this information coming from the GDPR

Protect your business ! You are liable for third parties with which you share data.

It is important to understand that even if the data leaves your control, it does not leave your responsibility.

Therefore, you must ensure that the service agreements in place with any third party receiving your data contains a clear commitment in their end to respect your standard.

What are your security policies ? is the data properly encrypted, backups made regularly etc.
Is your team properly trained ?

Do you have a nominated Data Protection Officer (DPO) which is required by law to appoint as a primary point of contact.

We will advise on on necessary remediation and support you in their implementation

The Vietnamese law is particularly strict with the consent gathering. Any time you collect personal data from an employee, a customer or a supplier you must be able to show an explicit consent from the owner of the data to the regulator.

Therefore, it is important to ensure that your operations are inclusive of these consent mechanisms in a way that is affordable for your company while respecting the requirements of the Vietnamese regulation.

Vietnam is one of the only country where companies have to proactively deposit a dossier called a Data Protection Impact Assessment (DPIA) to the regulatory authorities. This dossier compiles all of the information collected in the steps mentioned above into the expected format.

In addition, any transfer of data outside of Vietnamese territory must be documented in a Cross border Transfer Impact Assessment (CTIA).