{"id":13799,"date":"2026-01-22T11:26:08","date_gmt":"2026-01-22T04:26:08","guid":{"rendered":"https:\/\/cdlaf.vn\/?p=13799"},"modified":"2026-01-22T12:33:45","modified_gmt":"2026-01-22T05:33:45","slug":"regulations-regarding-personal-data-under-current-personal-data-protection-law","status":"publish","type":"post","link":"https:\/\/cdlaf.vn\/en\/regulations-regarding-personal-data-under-current-personal-data-protection-law\/","title":{"rendered":"Regulations regarding Personal Data under current Personal Data Protection Law"},"content":{"rendered":"<p><em>According to the Law on Personal Data Protection 2025 and Decree 356\/2025\/ND-CP, enterprises (in the roles of Data Controller\/Data Processor) are required to formulate and maintain a Personal Data Protection Impact Assessment (DPIA) Dossier (Form No. 10) and a Transfer of Personal Data Abroad Impact Assessment Dossier (Form No. 09) from the commencement of operations<\/em><em>.<\/em><\/p>\n<p><em>Important compliance milestones include<\/em><em>:<\/em><\/p>\n<ul>\n<li><strong><em>Dossier Submission Deadline: <\/em><\/strong><em>Within <strong>60 days<\/strong> from the date of processing or transferring data abroad to the Department of Cybersecurity and High-Tech Crime Prevention (A05) \u2013 Ministry of Public Security<\/em><em>.<\/em><\/li>\n<li><strong><em>Appraisal Period: <\/em><\/strong><em>Competent authorities shall return results of &#8220;Satisfactory\/Unsatisfactory&#8221; within<strong> 15 days.<\/strong><\/em><\/li>\n<li><strong><em>Update Period: <\/em><\/strong><em>Dossiers must be updated periodically every <strong>06 months<\/strong> or updated immediately within <strong>10 days<\/strong> if there are changes in organization or business lines related to the data<\/em><em>.<\/em><\/li>\n<li><strong><em>Incident Notification: <\/em><\/strong><em>In case of a violation (data loss, leakage), the enterprise must notify the competent authorities within<strong> 72 hours<\/strong><\/em><em>.<\/em><\/li>\n<\/ul>\n<p><em>Failure to complete dossiers or delays in incident notification may result in the application of strict administrative sanctions in accordance with legal regulations<\/em><em>.<\/em><\/p>\n<figure id=\"attachment_12574\" aria-describedby=\"caption-attachment-12574\" style=\"width: 600px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12574\" src=\"http:\/\/cdlaf.vn\/wp-content\/uploads\/2025\/08\/pexels-markusspiske-330771-1-600x400.jpg\" alt=\"\" width=\"600\" height=\"400\" srcset=\"https:\/\/cdlaf.vn\/wp-content\/uploads\/2025\/08\/pexels-markusspiske-330771-1-600x400.jpg 600w, https:\/\/cdlaf.vn\/wp-content\/uploads\/2025\/08\/pexels-markusspiske-330771-1-1200x800.jpg 1200w, https:\/\/cdlaf.vn\/wp-content\/uploads\/2025\/08\/pexels-markusspiske-330771-1-768x512.jpg 768w, https:\/\/cdlaf.vn\/wp-content\/uploads\/2025\/08\/pexels-markusspiske-330771-1-1536x1024.jpg 1536w, https:\/\/cdlaf.vn\/wp-content\/uploads\/2025\/08\/pexels-markusspiske-330771-1-2048x1365.jpg 2048w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><figcaption id=\"caption-attachment-12574\" class=\"wp-caption-text\">Source: pexels-markusspiske-330771<\/figcaption><\/figure>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of contents:<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #a32411;color:#a32411\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #a32411;color:#a32411\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/cdlaf.vn\/en\/regulations-regarding-personal-data-under-current-personal-data-protection-law\/#1_Procedures_for_implementing_Personal_Data_Protection_Impact_Assessment\" >1. Procedures for implementing Personal Data Protection Impact Assessment<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/cdlaf.vn\/en\/regulations-regarding-personal-data-under-current-personal-data-protection-law\/#2_Procedures_for_the_transfer_of_personal_data_abroad_impact_assessment_dossier\" >2. Procedures for the transfer of personal data abroad impact assessment dossier<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/cdlaf.vn\/en\/regulations-regarding-personal-data-under-current-personal-data-protection-law\/#3_Updating_the_personal_data_processing_impact_assessment_dossier_and_the_impact_assessment_dossier_for_the_transfer_of_personal_data_abroad\" >3. Updating the personal data processing impact assessment dossier and the impact assessment dossier for the transfer of personal data abroad<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/cdlaf.vn\/en\/regulations-regarding-personal-data-under-current-personal-data-protection-law\/#4_Notification_of_violations_of_personal_data_protection_regulations\" >4. Notification of violations of personal data protection regulations<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/cdlaf.vn\/en\/regulations-regarding-personal-data-under-current-personal-data-protection-law\/#SEND_CONSULTATION_REQUEST\" >SEND CONSULTATION REQUEST<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"1_Procedures_for_implementing_Personal_Data_Protection_Impact_Assessment\"><\/span>1. Procedures for implementing Personal Data Protection Impact Assessment<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>According to Article 21 of the Law on Personal Data Protection 2025 as guided by Clause 1, Article 19 of Decree No. 356\/2025\/ND-CP, entities required to conduct data processing impact assessments include: (1) Personal Data Controller; (2) Personal Data Controller and Processor; and (3) Personal Data Processor. As follows:<\/p>\n<p><strong><em>Personal Data Controller<\/em><\/strong> <em>is the agency, organization, or individual that decides the purposes and means of processing personal <\/em><em>data. <\/em><\/p>\n<p><strong><em>Personal Data Controller and Processor<\/em><\/strong> <em>is the agency, organization, or individual that decides the purposes, means and directly processes personal data.<\/em><\/p>\n<p><strong><em>Personal Data Processor is the agency, organization, or individual that performs data <\/em><\/strong><em>processing on behalf of the Personal Data Controller or the Personal Data Controller and Processor <\/em><em>pursuant to a contract or agreement<\/em>.<\/p>\n<p>According to Clause 1, Article 19 of Decree 356\/2025\/ND-CP, the aforementioned subjects must formulate and maintain their personal data processing impact assessment dossiers from the time they commence personal data processing activities.<\/p>\n<p><strong>Components of the Personal Data Processing Impact Assessment Dossier<\/strong><\/p>\n<p>The dossier is regulated under Clause 2, Article 19 of Decree 356\/2025\/ND-CP as follows:<\/p>\n<p><strong>Personal Data Processing Impact Assessment Report<\/strong> according to Form No. 10 in the Appendix of Decree 356\/2025\/ND-CP;<\/p>\n<p>Including the following contents:<\/p>\n<ul>\n<li>Information and contact details of the Personal Data Controller, Controller and Processor, Processor, and third parties;<\/li>\n<li>Contact details of the personal data protection department or personnel; organizations\/individuals providing personal data protection services (if any);<\/li>\n<li>Description and justification of the purposes of processing, categories of personal data processed, details of processing activities, and personal data flow diagrams;<\/li>\n<li>Description and justification for obtaining data subject consent, policies for storage, deletion, and destruction of personal data;<\/li>\n<li>Plans for ensuring personal data safety, protection measures, system design diagrams, and applied data protection standards;<\/li>\n<li>Results of the compliance assessment regarding personal data protection regulations;<\/li>\n<li>Assessment of the impact and risks of processing activities; potential unwanted consequences\/damages, and measures to mitigate or eliminate such risks.<\/li>\n<\/ul>\n<p><strong>Copy of the contract or agreement on personal data processing<\/strong>, demonstrating the binding responsibilities between organizations and individuals.<\/p>\n<p><strong>Policies, procedures, regulations, forms, and other relevant documents<\/strong> regarding personal data protection of the Controller, Controller and Processor, or Processor.<\/p>\n<p><strong>Procedures for Submitting Personal Data Processing Impact Assessment (DPIA) Dossiers<\/strong><\/p>\n<p>Within 60 days from the date of commencement personal data processing, the relevant party must submit 01 original copy via online methods, or in person, or through postal services to the specialized personal data protection authority under the Ministry of Public Security (currently the Department of Cybersecurity and High-Tech Crime Prevention \u2013 A05)<\/p>\n<p>The specialized personal data protection authority shall evaluate and return results for the personal data processing impact assessment dossier as satisfactory or unsatisfactory within a time limit of 15 days.<\/p>\n<p>The specialized personal data protection authority shall notify and request the personal data controller, the personal data controller and processor, and the personal data processor to complete or amend the personal data processing impact assessment dossier within a time limit of 30 days in cases where the dossier is incomplete or not in accordance with regulations. In the event that the personal data controller, the personal data controller and processor, or the personal data processor fails to complete the dossier in accordance with regulations, the specialized personal data protection authority shall consider applying regulations on administrative violation sanctions in the field of personal data protection.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"2_Procedures_for_the_transfer_of_personal_data_abroad_impact_assessment_dossier\"><\/span>2. Procedures for the transfer of personal data abroad impact assessment dossier<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>2.1. Subjects performing the transfer of personal data abroad impact assessment<\/strong><\/p>\n<p>According to the provisions in Clause 1, Article 18 of Decree 356\/2025\/ND-CP, it is stipulated that agencies, organizations, and individuals having activities of transferring personal data abroad must formulate a transfer of personal data abroad impact assessment dossier.<\/p>\n<p>Cases of transferring data abroad are also mentioned in Clause 1, Article 20 of the Decree, including:<\/p>\n<ol>\n<li><em>a) Transferring personal data being stored in Vietnam to a data storage system located outside the territory of the Socialist Republic of Vietnam;<\/em><\/li>\n<li><em>b) Agencies, organizations, and individuals in Vietnam transferring personal data to organizations and individuals abroad;<\/em><\/li>\n<li><em>c) Agencies, organizations, and individuals in Vietnam or abroad using platforms outside the territory of the Socialist Republic of Vietnam to process personal data collected in Vietnam<\/em><em>.<\/em><\/li>\n<\/ol>\n<p><strong>2.2. Components of the Dossier for Cross-border Transfer of Personal Data<\/strong><\/p>\n<p>The dossier for cross-border transfer of personal data is specified in Clause 2, Article 18 of Decree No. 356\/2025\/ND-CP as follows:<\/p>\n<p><strong>Impact Assessment Report on the Cross-border Transfer of Personal Data<\/strong><strong>, <\/strong>prepared in accordance with Form No. 09 in the Appendix of this Decree;<\/p>\n<p><em><u>Including the following contents<\/u><\/em><em><u>: <\/u><\/em><\/p>\n<ul>\n<li>Information and contact details of the personal data transferor, the personal data recipient, the data processor, and other parties involved in the cross-border transfer of personal data;<\/li>\n<li>Contact details of the personal data protection department or personnel; organizations or individuals providing personal data protection services (if any) of the transferor and the recipient;<\/li>\n<li>Description and justification of the purposes for the cross-border transfer of personal data, types of personal data to be transferred, details of cross-border transfer and processing activities, and a personal data flow diagram;<\/li>\n<li>Description and justification regarding the process of obtaining data subject consent, as well as policies for storage, deletion, and destruction of personal data;<\/li>\n<li>Plans for ensuring personal data security after cross-border transfer, including applied data protection measures and standards;<\/li>\n<li>System diagrams and functional descriptions of the systems used for storing and processing personal data after being received from abroad;<\/li>\n<li>Procedures for the onward transfer or provision of personal data by the recipient to a third party;<\/li>\n<li>Self-assessment results of compliance with personal data protection regulations by the agency, organization, or individual involved in the cross-border transfer;<\/li>\n<li>Assessment of the level of personal data protection provided by the recipient; the impact and risks of the cross-border transfer and processing; potential unwanted consequences or damages, and measures to mitigate or eliminate such risks and threats.<\/li>\n<\/ul>\n<p><strong>Copies of the contract or data transfer agreement<\/strong> establishing the binding obligations and responsibilities between the organizations and individuals transferring and receiving personal data across borders;<\/p>\n<p><strong>Policies, procedures, regulations, forms, and other relevant documents <\/strong>regarding personal data protection of the agency, organization, or individual involved in the the cross-border transfer of personal data.<\/p>\n<p><strong>2.3. Procedures for Submitting the Cross-border Personal Data Transfer Impact Assessment Dossier\u00a0<\/strong><\/p>\n<p>In accordance with legal regulations, the personal data transferor shall submit one (01) original and complete dossier via online platforms, in person, or through postal services to the specialized personal data protection authority under the Ministry of Public Security (currently the Department of Cybersecurity and High-Tech Crime Prevention and Control \u2013 A05).<\/p>\n<p>The specialized personal data protection authority shall evaluate and return the results for the impact assessment dossier\u2014categorized as either satisfactory or unsatisfactory \u2014within a period of 15 days.<\/p>\n<p>The specialized personal data protection authority shall evaluate and request the party transferring personal data abroad to complete the transfer of personal data abroad impact assessment dossier within a time limit of 30 days in cases where the dossier is incomplete or not in accordance with regulations. In the event that the party transferring personal data fails to complete the dossier in accordance with regulations, the specialized personal data protection authority shall consider applying regulations on administrative violation sanctions in the field of personal data protection.<\/p>\n<p><em><u>Note:<\/u><\/em><em> The personal data processing impact assessment dossier and the transfer of personal data abroad impact assessment dossier <\/em><em>must be stored and maintained in a readily available state<\/em><em> to serve the inspection and evaluation activities of the specialized personal data protection authority.<\/em><\/p>\n<h2><span class=\"ez-toc-section\" id=\"3_Updating_the_personal_data_processing_impact_assessment_dossier_and_the_impact_assessment_dossier_for_the_transfer_of_personal_data_abroad\"><\/span>3. Updating the personal data processing impact assessment dossier and the impact assessment dossier for the transfer of personal data abroad<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The impact assessment dossier for the transfer of personal data abroad and the personal data processing impact assessment dossier shall be updated periodically every 06 months from the date of the first submission in the following cases (Article 20 of Decree No. 356\/2025\/ND-CP):<\/p>\n<ul>\n<li>When a new purpose for transferring personal data or a new purpose for processing personal data arises;<\/li>\n<li>When there is an occurrence of, or a change in the personal data controller, personal data controller and processor, personal data processor, or third parties.<\/li>\n<\/ul>\n<p><strong>Alternatively<\/strong><strong>, <\/strong>cases of changes that require immediate update within a time limit of 10 days include:<\/p>\n<ul>\n<li>When the agency, organization, or unit is reorganized, ceases operations, is dissolved, or goes bankrupt in accordance with the provisions of law;<\/li>\n<li>When there is a change in the information regarding the organization or individual providing personal data protection services;<\/li>\n<li>When there is an occurrence of, or a change in the business lines, sectors, or services related to personal data processing that have been registered in the personal data processing impact assessment dossier or the impact assessment dossier for the transfer of personal data abroad.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"4_Notification_of_violations_of_personal_data_protection_regulations\"><\/span>4. Notification of violations of personal data protection regulations<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>According to the provisions of the Law on Personal Data Protection 2025 and the Government&#8217;s Decree No. 356\/2025\/ND-CP detailing a number of articles of the Law on Personal Data Protection, when an incident of violation of regulations on personal data protection occurs, including but not limited to personal data being lost, accessed, collected, used, disclosed without authorization or destroyed, causing, or having the potential to cause, adverse impacts on the legitimate rights and interests of the data subject, national security, public order, or social safety, the data controller, the data processor, or the data controller and processor shall be responsible for notifying the personal data violation of personal data violation. The notification must be performed within a time limit of 72 hours from the time of discovering the violation, in accordance with the correct form, content, and format prescribed in Decree 356\/2025\/ND-CP, while simultaneously specifying the type of data affected, the scope and level of risk, the cause of the violation (if determined), and the remedial and prevention measures against recurrence. In case the notification cannot be made within the time limit due to force majeure reasons, the relevant organization or individual must perform the notification as soon as conditions permit and be responsible before the law for the late notification. The personal data violation notification dossier must be stored and managed to serve the inspection and examination work of competent state agencies in accordance with the provisions of the law on personal data protection.<\/p>\n<ul>\n<li>\n<h4><strong>Advisory email<\/strong> info@cdlaf.vn<\/h4>\n<\/li>\n<li>\n<h4><strong>Hotline:<\/strong> (+84) 909 668 216<\/h4>\n<\/li>\n<\/ul>\n<p><strong><em>Time<\/em><\/strong><strong><em> of writing<\/em><\/strong><em>: 02\/01\/2026<\/em><\/p>\n<p><em>The article contains general information which is of reference value, in case you want to receive legal opinions on issues you need clarification on, please get in touch with our Lawyer \u00a0at\u00a0 <a href=\"https:\/\/mail.google.com\/mail\" target=\"_blank\" rel=\"noopener\"><strong>info@cdlaf.vn<\/strong><\/a><\/em><\/p>\n<div class=\"content-post-nd\">\n<div style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-5519 size-full aligncenter\" src=\"http:\/\/cdlaf.vn\/wp-content\/uploads\/2023\/05\/CHUONG-TRINH-THANG.png\" alt=\"\" width=\"1080\" height=\"600\" srcset=\"https:\/\/cdlaf.vn\/wp-content\/uploads\/2023\/05\/CHUONG-TRINH-THANG.png 1080w, https:\/\/cdlaf.vn\/wp-content\/uploads\/2023\/05\/CHUONG-TRINH-THANG-720x400.png 720w, https:\/\/cdlaf.vn\/wp-content\/uploads\/2023\/05\/CHUONG-TRINH-THANG-768x427.png 768w\" sizes=\"auto, (max-width: 1080px) 100vw, 1080px\" \/><\/div>\n<\/div>\n<div class=\"content-post-nd\">\n<p><strong>Why choose CDLAF\u2019s service?<\/strong><\/p>\n<ul class=\"li-content\">\n<li>We provide effective and comprehensive legal solutions that help you save money and maintain compliance in your business;<\/li>\n<li>We continue to monitor your legal matters even after the service is completed and update you when there are any changes in the Vietnamese legal system;<\/li>\n<li>Our system of forms and processes related to labor and personnel is continuously built and updated and will be provided as soon as the customer requests it;<\/li>\n<li>As a Vietnamese law firm, we have a thorough understanding of Vietnam&#8217;s legal regulations, and grasp the psychology of employees, employers, and working methods at competent authorities;<\/li>\n<li>CDLAF&#8217;s team of lawyers has many years of experience in the field of labor and enterprises, as well as human resources and financial advisory.<\/li>\n<li>Strict information security procedures throughout the service performance and even after the service is completed.<\/li>\n<\/ul>\n<\/div>\n<p><strong style=\"color: #a32411;\">You can refer for more information:<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/cdlaf.vn\/en\/data-and-legal-considerations-in-outsourcing-contracts-part-1\/\">Data and Legal Considerations in Outsourcing Contracts (Part 1)<\/a><\/li>\n<li><a href=\"https:\/\/cdlaf.vn\/tong-quan-cac-quy-dinh-moi-va-co-che-uu-dai-tai-nghi-dinh-354-2025-nd-cp-ve-khu-cong-nghe-so-tap-trung\/\">Overview of New Regulations and Incentive Mechanisms under Decree 354\/2025\/ND-CP on Concentrated Digital Technology Zones<\/a><\/li>\n<li><a href=\"https:\/\/cdlaf.vn\/en\/claims-for-damages-in-commercial-contracts\/\">Claims for Damages in Commercial Contracts<\/a><\/li>\n<li><a href=\"https:\/\/cdlaf.vn\/en\/decree-no-356-2025-nd-cp-which-enterprises-are-exempt-from-personal-data-procedures\/\">Decree No. 356\/2025\/ND-CP: Which enterprises are exempt from personal data procedures?<\/a><\/li>\n<li><a href=\"https:\/\/cdlaf.vn\/en\/2026-update-cross-border-data-transfer-under-decree-no-336-2025-nd-cp-regulations-and-compliance-procedures\/\">Cross-Border Personal Data Transfers \u2013 Procedural Steps to Be Implemented under Decree No. 3362025ND-CP<\/a><\/li>\n<\/ul>\n\n<div class=\"wpcf7 no-js\" id=\"wpcf7-f2681-o1\" lang=\"en-US\" dir=\"ltr\" data-wpcf7-id=\"2681\">\n<div class=\"screen-reader-response\"><p role=\"status\" aria-live=\"polite\" aria-atomic=\"true\"><\/p> <ul><\/ul><\/div>\n<form action=\"\/en\/wp-json\/wp\/v2\/posts\/13799#wpcf7-f2681-o1\" method=\"post\" class=\"wpcf7-form init\" aria-label=\"Contact form\" novalidate=\"novalidate\" data-status=\"init\">\n<fieldset class=\"hidden-fields-container\"><input type=\"hidden\" name=\"_wpcf7\" value=\"2681\" \/><input type=\"hidden\" name=\"_wpcf7_version\" value=\"6.1.5\" \/><input type=\"hidden\" name=\"_wpcf7_locale\" value=\"en_US\" \/><input type=\"hidden\" name=\"_wpcf7_unit_tag\" value=\"wpcf7-f2681-o1\" \/><input type=\"hidden\" name=\"_wpcf7_container_post\" value=\"0\" \/><input type=\"hidden\" name=\"_wpcf7_posted_data_hash\" value=\"\" \/>\n<\/fieldset>\n<h2 class=\"tt-form\"><span class=\"ez-toc-section\" id=\"SEND_CONSULTATION_REQUEST\"><\/span>SEND CONSULTATION REQUEST\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><label>Full name<\/label><br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"full-name\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required\" aria-required=\"true\" aria-invalid=\"false\" value=\"\" type=\"text\" name=\"full-name\" \/><\/span><br \/>\n<label>Email<\/label><br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"email\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-email wpcf7-validates-as-required wpcf7-text wpcf7-validates-as-email\" aria-required=\"true\" aria-invalid=\"false\" value=\"\" type=\"email\" name=\"email\" \/><\/span><br \/>\n<label>Phone Number<\/label><br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"phone\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-tel wpcf7-text wpcf7-validates-as-tel\" aria-invalid=\"false\" value=\"\" type=\"tel\" name=\"phone\" \/><\/span><br \/>\n<label>Message<\/label><br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"coment\"><textarea cols=\"40\" rows=\"10\" maxlength=\"2000\" class=\"wpcf7-form-control wpcf7-textarea\" aria-invalid=\"false\" name=\"coment\"><\/textarea><\/span><br \/>\n<input class=\"wpcf7-form-control wpcf7-submit has-spinner btn-yellow\" type=\"submit\" value=\"Send\" \/>\n<\/p><div class=\"wpcf7-response-output\" aria-hidden=\"true\"><\/div>\n<\/form>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>According to the Law on Personal Data Protection 2025 and Decree 356\/2025\/ND-CP, enterprises (in the roles of Data Controller\/Data Processor) are required to formulate and maintain a Personal Data Protection Impact Assessment (DPIA) Dossier (Form No. 10) and a Transfer of Personal Data Abroad Impact Assessment Dossier (Form No. 09) from the commencement of operations&#8230;.<\/p>\n","protected":false},"author":4,"featured_media":12574,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[64],"tags":[],"class_list":["post-13799","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-articles"],"acf":[],"_links":{"self":[{"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/posts\/13799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/comments?post=13799"}],"version-history":[{"count":2,"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/posts\/13799\/revisions"}],"predecessor-version":[{"id":13801,"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/posts\/13799\/revisions\/13801"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/media\/12574"}],"wp:attachment":[{"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/media?parent=13799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/categories?post=13799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/tags?post=13799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}