According to the content of the draft Law on Personal Data Protection submitted to the National Assembly at the 9th Session, each organization, enterprise, and individual must have at least 1 personal data protection expert suitable for the industry, profession, and business field (Clause 2, Article 39).
Small businesses and startups have the right to choose to exempt regulations on personal data protection experts for the first 5 years from the establishment of the business, but not applicable to micro enterprises, small enterprises, and startups directly involved in personal data processing.
The draft Law clearly states that a personal data protection expert is a person with the capacity to protect personal data, including: a personal data protection expert with technological and legal capacity; a personal data protection expert with technological capacity; a personal data protection expert with legal capacity.
Commenting on the above content, at the group meeting on the afternoon of May 12, many National Assembly deputies said that this regulation should be carefully considered.
According to delegate Nguyen Thi Ha - Member of the National Assembly of Bac Ninh province, the requirement for each organization and enterprise to have at least one personal data protection expert, however, there are no regulations on the scale or field of operation that may not be suitable for reality.
The delegate also pointed out the fact that the current human resources for personal data protection in Vietnam are limited in both quantity and quality, while training institutions in this field have not been able to meet practical needs.
"I think this requirement can lead to the risk of having a name without a person or Forming a title, not ensuring real effectiveness," said delegate Nguyen Thi Ha.
From the above reality, the delegate suggested that it is necessary to classify the subjects of application based on the scale, field of operation, as well as the level of risk in data processing.
It is possible to require and arrange data protection experts in organizations and businesses operating in high-risk areas, such as finance, banking, education, healthcare, e-commerce, units that process large volumes of sensitive personal data, etc.
Sharing the same view, delegate Nguyen Van Quan - National Assembly Delegate of Hau Giang province said that the above regulation could create a burden for businesses.
According to the delegate, not every business has such a large amount of personal data that it requires a security expert. The delegate suggested that it is necessary to select subjects that need to apply the above regulation to be close to reality.
Many delegates also expressed their opinions on the need to clarify the concepts of "sensitive personal data" and "basic personal data" stipulated in Clause 1, Article 1 of the draft Law.
According to the delegates, if the content of these concepts is clarified, it can solve practical problems that are regulated by law, or identify violations related to personal data protection when handling.
Speaking in Group No. 13, Senior Lieutenant General Tran Quoc To - Deputy Minister of Public Security requested the agency in charge of drafting the law to continue reviewing and studying to further improve the draft law to cut and simplify administrative procedures, conditions for investment in production and business, reduce costs, and create the highest convenience for people and businesses.
