Effective January 1, 2026, the Law on Personal Data Protection will come into force. Concurrently, a Draft guiding decree is currently under review and is expected to be adopted in early 2026. This imposes significant responsibilities on enterprises to ensure strict compliance with the regulations established by personal data laws. These responsibilities include general compliance obligations and the specific requirement to obtain consent from personal data subjects or relevant parties prior to conducting any activities related to the collection, storage, or processing of personal data.
Download publications
Describe
Key takeaways:
- Promptly supplement personal data-related clauses into contracts and agreements established between enterprises and their employees, customers, and partners…
- Develop and implement appropriate management and technical measures to protect personal data, tailored to the specific needs and capabilities of enterprises.
- Establish a system of processes, procedures, and templates to serve personal data processing activities.
- Establishment of Personal Data Protection Personnel/Department within Enterprises
- Preparation of Personal Data Processing Impact Assessment Dossier
- Preparation of Cross-Border Personal Data Transfer Impact Assessment Dossier
- Note on the Handling of Violations of Personal Data Protection Laws
