Page 152 - ISC PROCEEDINGS 21.4
P. 152
RECOMMENDATIONS FOR IMPROVING THE LEGAL FRAMEWORK FOR
PERSONAL DATA PROTECTION IN BUSINESS IN VIETNAM
Vo Kim Nhan* 1
1 Ho Chi Minh City University of Industry and Trade, Ho Chi Minh City, Vietnam.
(*E-mail: nhanvt@huit.edu.vn)
ABSTRACT
In the digital economy, businesses increasingly rely on the collection, storage, and
processing of personal data, which creates significant risks for privacy, consumer rights,
and information security. In Vietnam, the legal regime governing personal data protection
has recently entered a new phase with the adoption of the Law on Personal Data
Protection 2025, while related rules also remain dispersed across legislation on
cybersecurity, consumer protection, electronic transactions, civil rights, and privacy. This
raises an important legal question: whether the current framework is sufficiently
coherent and enforceable for business-related data processing in the digital environment.
This paper employs legal analysis and comparative legal methods to examine the
structure of Vietnam’s current legal framework, identify remaining fragmentation and
enforcement gaps, and compare selected foreign regulatory models, including the EU, the
United States, Japan, Singapore, and South Korea. The study argues that the core
challenge is no longer the absence of a dedicated law, but the need to clarify consent
standards, corporate compliance obligations, institutional coordination, and enforcement
mechanisms. On that basis, the paper proposes legally grounded recommendations
relating to valid consent, withdrawal of consent, data breach notification, data protection
impact assessment, sanctions, and regulatory organization.
Keywords: Personal data protection; legal system; legal implementation.
1. Introduction
In the context of the rapidly developing digital economy, the protection of personal
data has become an urgent issue not only in developed countries but also in many
developing countries, including Vietnam (Nhan, 2024). The development of information
technology and the internet has created enormous opportunities for information
exchange and global connectivity, but it has also brought about significant challenges
related to the protection of personal information (Birch et al., 2021; Prete, 2022). The
collection, storage, processing, and use of personal data bring substantial benefits to
businesses, ranging from improving business efficiency and personalizing customer
experiences to developing new products and services (Anshari et al., 2019). However,
alongside these opportunities, the exploitation of personal data also raises significant
concerns regarding information security, privacy protection, and data security (Mugariri
et al., 2022). In the modern world, individuals and organizations no longer conduct
transactions solely through traditional methods but primarily through online
environments. All personal information, from names and identification numbers to bank
account information, preferences, habits, and users’ online behaviors, can be collected,
stored, and used by organizations, businesses, and even government agencies. Without
clear regulatory protections, personal data may be misused, violated, or used for
151
