Employee Data Privacy

Vietnam - Breach Notification

 Download as a PDF

Are there any data breach notification requirements? 

A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Local data protection regulations have required data controllers to report such breaches in certain circumstances.


Vietnamese law does not include a required notification to data protection authorities or data subjects in the event of a personal data breach.

The Law on Network Information Security (No. 86/2015/QH13, Art. 19.2) contains a general requirement that entities (such as employers) take steps to remedy and stop “cyber information” security incidents (and potential incidents) as soon as possible.


HR Best Practices: Employers should develop and implement a “cyber information” security incident response plan to protect employee, job applicant and other personal HR data.

The Vietnamese government is drafting a decree on personal data protection (the Draft PDP Decree). In the current version of the draft, individuals and organizations would be responsible for promptly notifying the PDP Committee on any breaches relating to personal data protection.


UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk