![[Companies] Draft penalties for violation of cybersecurity and personal information protection ordinances| I-GLOCAL CO., LTD.](https://www.i-glocal.com/wp-content/themes/igl/images/logo.png){kind=logo}
Legal News
[Companies] Draft penalties for violation of cybersecurity and personal information protection ordinances
2023/10/12
The Ministry of Public Security is currently investigating violations of laws on cybersecurity (Cybersecurity Law No. 24/2018/QH14, Decree 53/2022/ND-CP) and laws on personal information protection (Decree No. 13/2023/ND-CP). Public comment procedures are currently underway for a draft government ordinance that stipulates administrative penalties in the field of cybersecurity.
Notable contents of the draft are below:
1) Targets to which the ordinance applies: A number of targets are included, including enterprises and dependent units (including branches and representative offices), foreign companies providing telecommunications, Internet services, and content provision services in cyberspace.
2) Main content of violations: Violations related to cybersecurity, violations related to the collection, transfer, and transactions of personal information, and violations of obligations related to personal information, such as violations of regulations regarding impact assessment of personal information processing.
3) Penalties: In addition to fines (2 million VND to 200 million VND if the violator is an organization), penalties such as suspension of business or revocation of business license are also prescribed depending on the violation case. Fines may be determined based on one of the following criteria, depending on the nature, severity, consequences of the violation, attributes of the offender, aggravated circumstances, number of violations, etc.
・Up to 5 times the above fine amount
・5% of the income in the previous fiscal year
・5% of the profits obtained from the violation.
According to the draft, the ordinance is scheduled to be enacted and come into force on December 1, 2023. In order to comply with each legal regulation, companies are encouraged to closely monitor the contents of the draft and future trends, and review their internal systems as early as possible if necessary.
*This article was translated by Yarakuzen.
