A “shield” protecting users in the digital era
In the digital era, data is considered as the “oil” of the digital economy. Personal data has become a key “input material” for building digital government, the digital economy and a digital society. However, along with the benefits data brings, many risks also arise if this “oil” is not properly exploited and used.
The buying and selling, as well as the leakage of personal data in Viet Nam is no longer a warning but a pressing reality. According to statistics from the Department of Cybersecurity and High-Tech Crime Prevention (A05) under the Ministry of Public Security, in the first six months of 2025, functional forces detected and handled 56 cases related to the illegal trading of personal data, with more than 110 million data records collected and traded unlawfully. This data was used for various illegal purposes, from financial fraud and impersonation of state agencies to violations of people’s private lives.
The “careless” attitude of users in sharing personal information, in combination with the previous lack of sufficiently strong sanctions, has turned the data of millions of citizens into a lucrative commodity for transnational fraud networks. The root cause of the problem lies in the lax control of data.
Effective from January 1, 2026, the Law on Personal Data Protection fully establishes citizens’ basic data rights, including the right to be informed; the right to give consent; the right to withdraw consent; and the right to access, amend, and request the deletion of personal data. At the same time, the law clearly defines the legal responsibilities of state agencies, organisations, and enterprises throughout the entire data processing lifecycle, from collection and storage to sharing and exploitation.
Colonel Nguyen Hong Quan, Deputy Head of Department A05, affirmed: “The right to personal data protection was previously often considered as part of the right to privacy, but in the current context it has become an independent right that needs to be fully recognised and protected by law.” According to Colonel Nguyen Hong Quan, around 80% of the world’s population currently lives in territories with regulations on personal data protection. Viet Nam is no exception to this trend, and completing the legal framework is a prerequisite for strengthening digital trust and laying the foundation for sustainable socio-economic development.
The issue of the Law on Personal Data Protection is a strong affirmation of each user’s “digital sovereignty”. It also forces businesses to shift their mindset from “maximum exploitation” to “responsible exploitation”. Technology businesses and data-driven entities must now place data security on an equal footing with profit objectives.
Responsible exploitation, ensuring data security
One of the major barriers to law enforcement is individual awareness. In fact, Vietnamese users are still relatively indifferent to protecting their “digital footprints”, are careless in sharing personal information, rarely read terms of use, and are willing to provide data to applications and services without fully considering the long-term consequences. This makes it easy to collect personal data for misuse, turning it into “raw material” for illegal activities.
Nguyen Quang Dong, Head of the Institute for Policy Studies and Media Development, believes that no matter how strong the law is, it is difficult for it fully exert power if people are not self-aware of their “assets”. “Users need to understand that they are the true owners of their personal data,” Dong emphasised.
The fact shows that improving data protection capacity must begin from education. From schools to workplaces, disseminating knowledge about privacy rights must become a regular activity, helping each individual become a “secure link” in the national data security system.
Legalisation is a necessary condition, but technical implementation is the sufficient condition. From legalisation to enforcement, there are many challenges. According to surveys, about 67% of units have issued decisions related to personal data protection, focusing primarily on the finance-banking, technology, and telecommunications sectors. However, only around 5.6% of these units have actually fully implemented data processing measures as required. “The biggest challenge at present is the lack of a clear data processing diagram or map of organisations,” noted Ngo Tuan Anh, Deputy Head of the Data Security and Personal Data Protection Committee under the National Data Association.
This reflects the reality that many data-exploiting enterprises have only reached the level of “paper compliance”, but have not built a systematic data governance system, from defining responsibilities and making data processing map to training personnel. The lack of sufficiently strong sanctions in the previous time also resulted in some businesses not truly regarding personal data protection as a strategic priority. The new law stipulates severe penalties: up to 10 times the amount of gained illegal profits or 5% of the organisation’s total revenue in the previous year. This is considered an economic “yardstick” forcing businesses to seriously invest in security infrastructure if they do not want to face enormous legal and financial risks.
Personal data is not only a matter of privacy rights but is also directly related to national security and social order and safety. The Law on Personal Data Protection not only aims to protect individual citizens; it also provides a legal corridor to manage, exploit, and use data in a lawful and secure manner, thereby contributing to ensuring national data security during the digital transformation process. Personal data protection is to protect the people’s “digital assets”. Every line of data that is safeguarded will help build a safe and strong digital Viet Nam.
