Data protective jurisdictions tend to guarantee the right of individuals to contact an organization directly and find out whether personal data is being tracked. Access procedures and acceptable exceptions (such as business secrecy) are determined by law and may be subject to the control of data protection authorities. In the context of HR, personal data access requests can include information tracked by the company as well as data tracked by third-party solutions, such as background check vendors.
Vietnam does not have an overarching law relating to personal data protection or employees’ access rights. The Law on Network Information Security (No. 86/2015/QH13, Art. 17.3), gives data subjects the right to access their personal data which is held by a third-party in a network environment.
Individuals can request that entities (such as employers) who handle their personal information in a network environment correct, delete, or stop providing their personal information to third-parties (IT Law, Art. 22 and the Law on Network Information Security, Art. 18). When a request is received from an employee, the entity should:
There is no specific limitation to an individual’s rights as a data subject. There are also no required procedures for individuals to exercise their rights. Due to the lack of clarity in the law, conservative employers have employees exercise access rights by submitting requests directly to the employer and/or the relevant HR service provider.
HR Best Practices: Create processes that allow employees and other individuals to submit access, correction and deletion requests. Ensure employees are informed of the best way to submit these requests.