The original article in Vietnmese: Quy định về lưu trữ dữ liệu trên không gian mạng đối với doanh nghiệp nước ngoài.

Foreign enterprises when registering the business and conducting operations in Vietnam should pay attention to the storage of data in cyberspace. Through this article, Nghiep Thanh Law will help foreign enterprises clarify 3 problems. Firstly, according to current law, which enterprises need to comply with the storage of data in cyberspace? Second, if the subject must conduct storage, what kind of data must the foreign enterprise store? Third, when being subject to storage, what time should foreign enterprises take note?

Firstly, enterprises should store data in cyberspace when they operate in various fields:

– Telecommunication services;

– Store and share data in cyberspace;

– Providing national or international domain names for service users in Vietnam;

– E-commerce; online payment; payment intermediary;

– Transport connection services through cyberspace; social networks and social media;

– Online video games; services of providing, managing, or operating other information in cyberspace in the form of messages, voice and video calls, e-mails, and online chats.

In addition to data storage, foreign enterprises must establish a branch or representative office when it meets the following conditions:

– Services provided by the enterprises are used to commit acts of violating the law on network security and the Cybersecurity Department has requested to cooperate in preventing, investigating, and handling but failed to do or did not fully enough to comply;

– Having acts of preventing, obstructing, disabling, or invalidating security protection measures implemented by specialized network security forces.

It follows that not all foreign enterprises when conducting business registration and legally operating in Vietnam, must comply with regulations on data storage. Only foreign enterprises are providing services on telecommunications networks, the internet, value-added services on cyberspace in Vietnam, and carrying out data collection, exploitation, analysis, and processing activities. So, what data needs to be stored?

– Data on personal information of service users in Vietnam;

– Data created by service users in Vietnam;

– Data on relationships of service users in Vietnam;

E.g: Ms. A has Vietnamese nationality and is using the transportation service of GD company which is registered in Thai Lan. Information data of Ms. A must store in Vietnam including:

– Data about the full name, date of birth, nationality, and hometown of Ms. A;

– Data about account name, used time, information on credit cards, emails, and phone number created by Ms. A when registering a service account;

– Data about the last logout; the network address that Ms. A uses to log into her account;

– Data about friends and colleagues that Ms. A has connected and interacted with during the use of services at company GD.

When the foreign enterprise is the subject has to conduct the data storage, please note the times as follows:

– The period for foreign enterprises to complete data storage and establish branches and representative offices in Vietnam according to the decision requested by the Minister of Public Security is 12 months;

– The storage period will proceed according to the decision required by the Minister of Public Security, but the minimum is 24 months; However, the form of storage will be decided by the enterprise.

– The time to set up a branch or representative office in Vietnam will start when there is a decision on the request until the enterprise no longer operates in Vietnam or the specified service is no longer provided within the territory of Vietnam.

The Law on Cybersecurity 2018 and Decree 53/2022/ND-CP are the bases used to determine the obligation of foreign enterprises to store data related to personal information of service users in Vietnam in case the enterprises are providing services on telecommunications networks, the internet, value-added services in cyberspace in Vietnam and carrying out activities of collecting, exploiting, analyzing and processing that data. As such, this regulation only applies to a part of enterprises conducting activities in cyberspace and limits the data that must be stored in Vietnam – belonging to user data in Vietnam and does not affect the data that must be stored in Vietnam, and hinder business activities of enterprises; doesn’t create barriers for businesses to participate in the economic market in Vietnam.

In addition, the establishment of a branch or representative office in Vietnam for foreign enterprises subject to the obligation of archiving is essential and in line with international practices as well as current digital technology. Because of the establishment of representative offices, branches will support the State to solve data-related problems of service users in Vietnam quickly; easy to conduct monitoring; guide, monitor, and notify when errors occur; and urge foreign enterprises to correct their violations.

The above is the content of advice on “Regulations on data storage in cyberspace for foreign enterprises”

If you find the article useful, let’s spread knowledge to the Community by clicking “Share” this article.

Nghiep Thanh Law thank you for reading and sharing. We look forward to receiving your feedback and suggestions.

Translator: Quach Gia Hy

Content writer: Quach Gia Hy

Instructor: Nguyen Linh Chi

Admin: Lawyer Thuan