+44 (0) 121 582 0192 [email protected]


In the realm of global data privacy, Vietnam has taken a significant stride with the introduction of the Personal Data Protection Decree (PDPD). This regulatory framework marks a pivotal shift, setting stringent guidelines for data handling and protection. Central to this new decree are the Data Protection Impact Assessment (DPIA) and the Overseas Transfer Impact Assessment (OTIA), which organisations must meticulously prepare and submit to the government’s A05 department within 60 days of commencing the processing of personal data . However, as the deadline approaches, many organisations find themselves entangled in a web of challenges, striving to align their operations with the law’s demands.


Understanding the Stakes

The DPIA is a process designed to help organisations systematically analyse, identify, and minimise the data protection risks of a project or plan. The OTIA, on the other hand, is crucial for ensuring that data transferred across borders is afforded a level of protection consistent with the PDPD requirement. The stakes are high, as non-compliance could lead to severe penalties, reputational damage, and operational disruptions.


Navigating the Challenges

  1. Complexity of Compliance Requirements: The PDPD stipulations are comprehensive, demanding a deep understanding of the data flows within an organisation. Many businesses struggle to map out their data processing activities thoroughly, an essential step for an accurate DPIA and OTIA.
  2. Resource Constraints: Adequate preparation of DPIA and OTIA reports is resource-intensive, requiring significant time, expertise, and financial investment. Organisations, especially SMEs, often face difficulties allocating the necessary resources without impacting their regular operations.
  3. Technical Expertise: The intricacy of the assessments demands a high level of expertise in data privacy laws, cybersecurity, and risk management. However, there is a notable skills gap in the market, making it challenging for companies to find or develop the right talent.
  4. Time Pressure: With the looming deadline, organisations are under immense pressure to expedite their assessment processes. This rush can lead to oversights, incomplete assessments, and ultimately, non-compliance.
  5. Evolving Data Landscape: The dynamic nature of digital transformation means that data processing activities are constantly changing. Keeping the DPIA and OTIA up-to-date with these changes, while also focusing on core business activities, can be overwhelming for many organisations.


Strategies for Effective Compliance

  • Early Engagement: Begin the DPIA and OTIA processes as early as possible to allow ample time for thorough analysis and revisions.
  • Leverage Expertise: Engage with data privacy consultants or legal experts who specialise in Vietnam’s data protection laws to navigate the complex requirements effectively.
  • Invest in Training: Enhance your team’s understanding of the PDPD requirements through targeted training sessions and workshops.
  • Technology Utilisation: Implement data mapping and assessment tools to streamline the information gathering and analysis phases of your DPIA and OTIA.
  • Continuous Monitoring: Establish a framework for ongoing monitoring and updating of your data protection impact assessments to adapt to any changes in data processing activities or the regulatory landscape.



The road to compliance with Vietnam’s PDPD law, particularly the DPIA and OTIA submissions, is fraught with challenges. However, with strategic planning, expert guidance, and a proactive approach, organisations can navigate these hurdles effectively. Embracing the complexities of this new regulatory environment can transform a daunting obligation into an opportunity to enhance data protection practices and build trust with stakeholders, ultimately safeguarding the organisation’s reputation and operational integrity.

In the evolving landscape of data privacy, staying ahead is not merely about compliance; it’s about demonstrating a commitment to data protection, a crucial element in winning customer trust and sustaining business growth. Let’s embrace this challenge as an opportunity to enhance our data stewardship and reinforce our commitment to privacy, setting a benchmark for excellence in the digital era.

Click here to find out more        Formiti Vietnam PDPD Services