Data Security Compliance with the Personal Data
Protection Decree (PDPD) in Vietnam

Thales can help organizations to protect sensitive data and to comply with a Data-centric Security approach.
Vietnam Personal Data Protection Decree (Decree 13/2023/ND-CP)

The Vietnamese Government announced the Personal Data Protection Decree (Decree 13/2023/ND-CP) on April 17, 2023, and it comes into effect in July 2023. The PDPD aims to fill these gaps in the fragmented legal framework and to provide a comprehensive and consistent approach to personal data protection, extending safeguards for personal data to over 97 million people in Vietnam.

As one of the leaders in data security, Thales enables organizations to comply with PDPD Requirements by recommending the appropriate data security and identity management technologies.

Regulation Overview

Personal Data Protection Decree 13/2023/ND-CP, which is in effect on July 1, 2023. includes 44 articles marking a significant milestone in protecting personal data in the country.
  1. The Decree introduces key concepts and principles of personal data protection and sets out specific requirements for data processors and controllers.
  2. It establishes a regulatory framework for obtaining consent for data processing activities including the purchase and sale of personal information, as well as marketing and advertising, cross-border data transfers, and children data protection, which can contribute to safeguarding the privacy and security of individuals’ personal data.
  1. Main categories of processing personal data of the Decree
  2. Rights of data subjects
  3. Protective measures
  4. Impact assessment
  5. Reporting
  6. Penalties


Thales can help organizations to protect sensitive data and to comply with PDPD requirements with a Data-centric Security approach. Organizations can leverage Thales’ suite of identity and data security solutions to become compliant today and stay compliant in the future.
Data Security

CipherTrust Platform unifies data discovery, classification, and protection and provides unprecedented granular access controls, all with centralized key management. You can rely on Thales CipherTrust Data Security Platform to discover, protect and control your organization's sensitive data, wherever it resides.

Discover: Data Discovery & Classification

The first step in protecting sensitive data is finding the data wherever it is in the organization, classifying it as sensitive, and typing it (e.g. PII, financial, IP, HHI, customer-confidential, etc.) so you can apply the most appropriate data protection techniques. It is also important to monitor and assess data regularly to ensure new data is not overlooked and your organization does not fall out of compliance. CipherTrust Data Discovery and Classification efficiently identifies structured as well as unstructured sensitive data on-premises and in the cloud.

Protect Data-at-Rest

Once an organization knows where its sensitive data is, protective measures such as encryption or tokenization can be applied. For encryption and tokenization to successfully secure sensitive data, the cryptographic keys themselves must be secured, managed and controlled by the organization.

  1. CipherTrust Tokenization
  2. CipherTrust Data Protection Gateway (DPG)
  3. CipherTrust Transparent Encryption (CTE)
  4. CipherTrust Security Intelligence

Organizations need to control access to their data and centralize key management. Every data security regulation and mandate require organizations to be able to monitor, detect, control, and report on authorized and unauthorized access to data and encryption keys. The CipherTrust Data Security (CDSP) Platform allows administrators to create a strong separation of duties between privileged administrators and data owners as well as to enforce very granular, least-privileged-user access management policies. CDSP delivers robust enterprise key management via CipherTrust Cloud Key Manager across multiple cloud service providers (CSP) and hybrid cloud environments to centrally manage encryption keys and configure security policies so organizations can control and protect sensitive data in the cloud, on-premise and across hybrid environments.

Strong Authentication and Access Management

Thales OneWelcome identity & access management solutions provide both the security mechanisms and reporting capabilities organizations need to comply with PDPD requirements. Our solutions protect sensitive data by enforcing the appropriate access controls when users log into applications that store sensitive data. By supporting a broad range of authentication methods and policy-driven role-based access, our solutions help enterprises mitigate the risk of a data breach due to compromised or stolen credentials or through insider credential abuse.

Related products

CipherTrust Data Security Platform

Versatile and compact, entry-level 10 Mbps-1 Gbps network encryptors provide security without comprising network performance.

High Speed Encryption

Addressing the security and performance demands of the largest, most performance-intensive environments, including those of enterprises, government agencies, and cloud service providers, the CN6000 Series encryptors offer variable-speed licenses up to 10 Gbps.

OneWelcome Identity & Access Management

Delivering 100,000,000,000 bits per second of high-assurance and ultra-low latency, the CN9000 Series provides mega data security (100 Gbps) and high speed network performance with the lowest latency in the industry (<2µs).

/ Try It now

Wherever your data resides we can help you own your data

Get a Demo