The Extraterritorial Scope of Data Protection Laws of Vietnam's Major Trading Partners

Are the laws of Vietnam on cybersecurity and data protection the only body of law applicable to data processors and data controllers domiciled in Vietnam?

That might not just be the case.

For example, the GDPR or the General Data Protection Regulation, a European Union (EU) regulation that governs the collection, use, and storage of personal data of EU residents, generally, applies to companies that are based in the EU or those that process the personal data of EU residents.

However, if a company based in Vietnam is the data controller or data processor of the personal data of EU residents, then the GDPR may still be applicable to them. This is because the GDPR has extraterritorial effect and applies to any company that offers goods or services to EU residents or monitors the behavior of EU residents. This is known as the extraterritorial scope of the regulation.

Therefore, if a company based in Vietnam offers goods or services to EU residents or monitors their behavior, then they must comply with the GDPR’s requirements for the personal data they process. It is important for companies to understand the GDPR’s requirements and take necessary measures to comply with them to avoid potential fines and legal issues

We have prepared a note setting out the relevant provisions providing for what could be deemed as the extraterritorial scope of the data protection laws of Vietnam’s major trading partners.

You may refer to our briefing note setting out the relevant provisions providing for what could be deemed as the extraterritorial scope of the data protection laws of Vietnam’s major trading partners.

File: Note-on-the-Extraterritorial-Scope-of-Data-Protection-Laws-of-Vietnams-Major-Trading-Partners.pdf