Vietnam is about to enter a new data protection era – are businesses ready?

By John Berven
on Jul 9, 2021

"Vietnam is poised to pass a new decree that will bring the nation into line with its peers across APAC and internationally when it comes to personal data protection – and it’s providing a new impetus for businesses to look again at enhancing their data management."

As Vietnam prepares to move into the next phase of its Data Privacy legislation, Solidatus Head of APAC John Berven sat down with Asean Tech&Sec to discuss the upcoming implementation of PDPA (Personal Data Protection Act) and how ready businesses really are when it comes to their own data and compliance requirements.

Reflecting on a number of high-profile data security breaches in the recent years, John comments: "Large-scale breaches of personal data continued in 2020, with a devastating data leak affecting more than 80,000 customers, and possibly staff, at Vietnamese health technology firm, Innovative Solution for Healthcare (iSofH) (see report). It is also believed that an additional cyberattack removed an unknown number of records."

But with the new PDPA, these breaches should hopefully be a thing of the past. But how can businesses prepare to ensure they are compliant with the decree's storage and processing of personal data? And, more importantly, how can a tool like Solidatus enable organisations to map the flow of its data, allowing for full transparency on how it can be used?

Read John's insights on this new stage of data protection and privacy in Vietnam to find out more:

Vietnam is about to enter a new data protection era – are businesses ready?


By using Solidatus, an organisation gains invaluable insight into its data landscape. Our product enables users to visualise and analyse lineage showing what type of data they have and how it moves through their systems. It is impossible for senior management to be completely confident that the organisation is not inadvertently contravening some aspect of PDPA without this, leaving them open to enforcement and reputational risks.  

Solidatus plays a vital role in PDPA by:  

  • mapping the flow of data within an organisation 
  • allowing for full transparency on how it is used and by whom 
  • laying the groundwork should regulators ever ask a business to prove their compliance 

Solidatus helps to build a digital dashboard which shows managers how personal data is being used and where it is stored. This provides a demonstrable compliance with cloud storage regulations, the Right to Access and Correction, in addition to both Do Not Call (DNC) and National Registration Identification Card (NRIC) legislation by understanding the flow and location of data. 

Organisations need a tool to help them identify required consent and ensure that the use of personal data within their firm is, purposeful, appropriate and reasonable. Solidatus provides these essential elements to comply with PDPA. To learn more about how we can help visit our PDPA page. 

may also be interested in:
Data Privacy 
Vietnam PDPA - Foolproof Your Organisation Against New Privacy Legislation
Vietnam's Data Privacy Decree - The Tip of the Global Compliance Iceberg
In a Changing World, it Pays to be Prepared

Topics: Data Privacy

Author: John Berven

Director of APAC, John launched the Singapore office in 2019. He has extensive knowledge within the region and offers nearly 20 years of experience working in the information technology and banking industry.
Find me on: