Vietnam's PDPL in focus: What to know and watch for
Contributors:
Huyen-Minh Nguyen
Alex Do
CIPP/E
IPTech Executive
BMVN International LLC
Editor's note: The IAPP is policy neutral. We publish contributed opinion and analysis pieces to enable our members to hear a broad spectrum of views in our domains.
Vietnam's lawmakers probably didn't sleep much earlier this summer as they hammered out dozens of laws and decrees in the course of a month. Their efforts propelled the country's historic transition to a two-tier local government structure, effective 1 July, and encouraged fresh mindsets to advance the country's digital dominance.
Vietnam's Personal Data Protection Law — issued 26 June and effective 1 Jan. 2026 — emerged as a timely upgrade to a scattered domestic data privacy regime. The country's first comprehensive legal framework for protecting personal data demonstrates its recognition of personal data as an important economic driver and marks the Ministry of Public Security's success in developing a unified protection framework.
The PDPL outranks the 2023 Personal Data Protection Decree and will prevail when it takes effect. It retains the decree's core EU General Data Protection Regulation-like structures while adding new specific requirements and enabling the government to introduce further details at a later date.
In order for the PDPL to be operative and enforceable, the government must issue a guiding decree and a sanction decree, which merit close tracking. The guiding decree is anticipated to be released and passed before the end of the year with the sanction decree expected to follow.
Governing scope
Contributors:
Huyen-Minh Nguyen
Alex Do
CIPP/E
IPTech Executive
BMVN International LLC