Chapter V
STORAGE OF DATA AND ESTABLISHMENT OF BRANCHES AND REPRESENTATIVE OFFICES IN VIETNAM
Article 26. Storage of data and establishment of branches and representative offices in Vietnam
1. Data subject to storage in Vietnam:
a) Data on personal information of service users in Vietnam;
b) Data created by service users in Vietnam: account names, service use time, information on credit cards, emails, IP addresses of the last login or logout session, and registered phone numbers in association with accounts or data;
c) Data on relationships of service users in Vietnam: friends and groups such users have connected or interacted with.
2. Domestic enterprises shall store the data prescribed in Clause 1 of this Article in Vietnam.
3. Regarding the data storage and establishment of branches or representative offices in Vietnam of foreign enterprises:
a) Foreign enterprises conducting business in Vietnam in one of the following fields: telecommunications services; storage and sharing of data in cyberspace; provision of national or international domain names for service users in Vietnam; e-commerce; online payment; payment intermediaries; services of connection and transportation in cyberspace; social media and social communication; online games; services of provision, management, or operation other information in cyberspace in forms of messages, calls, video calls, emails, online chatting, shall store data prescribed in Clause 1 of this Article and establish branches or representative offices in Vietnam in case services provided by such foreign enterprises are used for violations of laws on cybersecurity, notified and requested for cooperation, prevention, investigation, and handling in writing by the Department of Cyber Security and Hi-tech Crime Prevention of the Ministry of Public Security of Vietnam but they fail to comply or incompletely comply with such documents or prevent, obstruct, disable, or nullify the effect of cybersecurity protection measures performed by cybersecurity protection forces;
b) In case of inability to comply with regulations of laws on cybersecurity due to force majeure, foreign enterprises shall notify send notifications to the Department of Cyber Security and Hi-tech Crime Prevention of the Ministry of Public Security of Vietnam within 3 working days for inspection of the verification of such force majeure. In such cases, enterprises will have 30 days to adopt remedial methods.
4. If enterprises inadequately collect, utilize, analyze, and handle data according to regulations prescribed in Clause 1 of this Article, enterprises shall cooperate with the Department of Cyber Security and Hi-tech Crime Prevention of the Ministry of Public Security of Vietnam in confirming and storing types of data that is currently being collected, utilized, analyzed, and handled.
If enterprises conduct the additional collection, utilization, analysis, and handling of types of data prescribed in Clause 1 of this Article, they shall cooperate with the Department of Cyber Security and Hi-tech Crime Prevention of the Ministry of Public Security of Vietnam in including such data in the list of data subject to storage in Vietnam.
5. The form of data storage in Vietnam shall be decided by enterprises.
6. Order and procedures for requesting data storage and establishment of branches or representative offices of foreign enterprises in Vietnam:
a) The Minister of Public Security of Vietnam shall promulgate decisions on the request for data storage and establishment of branches or representative offices in Vietnam;
b) The Department of Cyber Security and Hi-tech Crime Prevention of the Ministry of Public Security of Vietnam shall provide notifications and guidelines, monitor, supervise, and urge enterprises to implement requests for data storage and establishment of branches or representative offices in Vietnam while notifying relevant agencies of the implementation of state management functions according to entitlements;
c) Within 12 months from the promulgation date of decisions of the Minister of Public Security of Vietnam, enterprises prescribed in Point a Clause 3 Article 26 of this Decree shall complete the data storage and establishment of branches or representative offices in Vietnam.
7. Order and procedures for the establishment of branches or representative offices in Vietnam shall comply with regulations of laws on business, commerce, enterprises, and other relevant regulations.
8. Enterprises that fail to comply with regulations prescribed in this Article shall be handled according to regulations of laws based on the nature and level of the violation.
Article 27. Time for data storage and establishment of branches or representative offices in Vietnam
1. The time for data storage, according to regulations prescribed in Article 26 of this Decree, shall start when enterprises receive the request for data storage until the end of the time prescribed in such request. The mandatory storage time is 24 months.
2. The time for the establishment of branches or representative offices in Vietnam according to regulations prescribed in Article 26 of this decree shall start when enterprises receive the request for the establishment of branches or representative offices in Vietnam until such business terminate their operation in Vietnam or the prescribed service is no longer available in Vietnam.
3. The system log for investigation and handling of acts of violating laws on cybersecurity prescribed in Point b Clause 2 Article 26 of the Law on Cybersecurity shall be stored for at least 12 months.
Tìm kiếm
Nghị định 53/2022/NĐ-CP (Bản Word)
Nghị định 53/2022/NĐ-CP (Bản Pdf)