Strengthen personal data protection according to Decree 13/2023/ND-CP

On August 22, 2023, the Ministry of Public Security issued Official Dispatch 2916/BCA-A05 of 2023 on strengthening the protection of personal data. 

Specifically, there is still a situation of exposure, loss, and illegal transfer of personal data; There is still illegal transfer and sale of personal data, the Ministry of Public Security requires strengthening the protection of personal data:

(1) Personal data protection issues that need attention

On April 17, 2023, the Government issued Decree 13/2023/ND-CP on personal data protection, fully regulating issues related to personal data protection of agencies and organizations and relevant officials and individuals. 

- The Decree has established the rights and obligations of data subjects.

- Regulations on processes and methods of applying personal data protection measures of relevant agencies, organizations and individuals.

- Identify the agency responsible for protecting personal data.

- Personal data protection force.

- National information portal on personal data protection.

- Administrative procedures on personal data protection. 

The above are important and practical regulations to limit the current situation of illegal transfer and widespread trading of personal data.

(2) Current status of implementation of Decree 13/2023/ND-CP from July 1, 2023 to present

However, since the Decree took effect (July 1, 2023) until now, the implementation of the Decree has not received adequate attention; Many organizations, agencies, and state-owned enterprises have not implemented the tasks specified in  Decree 13/2023/ND-CP , allowing exposure, loss, and illegal transfer of personal data to occur; Illegal transfer and trading of personal data still occurs.

(3) 06 tasks to strengthen personal data protection

Based on assigned functions and tasks, the Ministry of Public Security requests ministries, branches, ministerial-level agencies, and agencies under the Government; People's Committees of provinces and centrally run cities; Central political and social organizations; Central state organizations and enterprises urgently implement the following contents:

- Research, organize and implement and strictly enforce regulations on personal data protection through many different forms, with a focus on disseminating and thoroughly educating all officials and employees about rights and obligations, determine responsibilities that need to be implemented, and ensure timely progress according to the provisions of law.

- Direct units that collect and process personal data to conduct an overall review and classify personal data collected and being processed, thereby determining corresponding protection responsibilities of each type of personal data according to the provisions of Decree 13/2023/ND-CP.

- Review and evaluate the process of collecting and processing personal data, propose to promulgate management measures appropriate to the scale and level of personal data processing of your agency or unit; Strictly handle acts of illegally transferring personal data and buying and selling personal data if detected.

- Designate a department with the function of protecting personal data, appoint personnel in charge of protecting personal data if an agency, organization or individual processes sensitive personal data and exchange 01 original copy. The above-mentioned document on the Agency in charge of personal data protection.

- Notify violations of regulations on personal data protection in case of detecting violations of personal data protection regulations to the Agency in charge of personal data protection no later than 72 hours after the occurrence violations according to Form No. 03 in the Appendix to Decree 13/2023/ND-CP .

- Prepare dossiers to assess the impact of processing personal data, dossiers to assess the impact of transferring personal data abroad and send them to the Agency in charge of personal data protection in 03 forms: online via the Portal. National information on personal data protection, directly at the Department of Cyber ​​Security and High-Tech Crime Prevention - Ministry of Public Security or by post after 60 days from the date of processing personal data personal data or transfer personal data abroad.

In 2023 and the following years, police units and localities will strengthen the fight against illegal transfer and trading of personal data, and strictly handle violations according to regulations under the law.

(Collective source)

 

Post a Comment

0 Comments