HCMC – Foreign-invested enterprises in Vietnam should brace for stricter data protection and governance requirements, experts and business leaders said at a recent business meeting hosted by the German Business Association (GBA).
The country’s Data Law, enacted in November 2024, along with Decree No. 13/2023/ND-CP on personal data protection, has set the stage for stricter governance. The legislature is also expected to approve a new Personal Data Protection Law (PDPL).
Violations under the current legal framework can result in administrative fines of up to 5% of total revenue generated in Vietnam, posing significant risks for multinational corporations.
“Vietnam is stepping into a new digital governance landscape. This law is vital for consumer protection, but it also poses real challenges for businesses striving to stay agile and innovative,” said Dr. Oliver Massmann, GBA board member and managing director of Duane Morris LLP Vietnam.
Hoang Ha, founder and CEO of Data Protectify, underscored the need to embed data protection into core operations and build resilient governance systems.
For companies already implementing the General Data Protection Regulation, adapting to Vietnamese regulations may be smoother.
However, as Dr. Arianne Jimenez, head of Data Policy & Privacy for APAC at Meta, pointed out, companies still need to be mindful of local differences, including the definition of sensitive data, revenue-based penalties, and detailed reporting requirements.
“Engaging in proactive dialogue with local regulators is essential to ensure that Vietnam’s legal framework is in line with international norms, especially concerning cross-border data transfers,” she emphasized.
Speakers unanimously agreed that long-term trust hinges on transparency around data access by public authorities.
Vu Tai Luong, data governance project director at FPT Telecom, said: “Businesses must have clarity on when, why, and how government agencies can access their data. Without this transparency, local data storage requirements could seriously disrupt operations.”
André de Jong, managing director of Bosch Vietnam, added: “We support a streamlined and unified legal framework. Avoiding legal overlap and fragmentation is key to driving both compliance and innovation.”
While legal compliance is a basic requirement, businesses are also encouraged to integrate values such as data ethics, transparency, and innovation into their operations
