Legal News

[Personnel and Labor Relations] Update on Draft Penalties for Violations of the Cybersecurity and Personal Information Protection Decree

2024/05/09

In December 2023, a draft of penalties for violations of the Cybersecurity and Privacy Decree (introduced in our Laws and Regulations News of December 10, 2023) was issued, and on May 2, 2024, the content of said draft was updated. Some of the latest information is summarized below.

(1) Form of penalties:
In addition to “warning” and “fine,” penalties and corrective measures such as “revocation of the right to use the license,” “suspension of business for a certain period of time,” and “expulsion of the offending foreigner from the territory of Vietnam” have been added.

(2) Fines: 2,000,000 to 200,000,000 VND if the violator is an organization.
The fine shall be determined according to one of the following criteria depending on the level of violation.
Up to twice or five times the amount of the above fine
Up to 5% of the income of the immediately preceding fiscal year

(3) Expected date of enforcement: June 1, 2024

We will continue to update this information in Law News as soon as the decree is officially issued. In order to avoid the risk of administrative violations being detected, it is recommended that companies check whether they have completed their compliance with Decree 13/2023 on personal data protection and cybersecurity regulations and take action if they have not yet done so.

 

References
Decree 13/2023/ND-CP
Draft Decree on Sanctions for Administrative Violations in the Field of Cybersecurity
https://moj.gov.vn/qt/tintuc/Pages/chi-dao-dieu-hanh.aspx?ItemID=4271