On 19 February 2025, the Ministry of Interior (“MOI”) issued Notification No. 571 (“Notification 571”) on the Obligation to Comply with the Requirements under the Law on Associations and Non-Governmental Organizations (“LANGO”). Notification 571 serves as the fourth reminder from the MOI for associations and local non-governmental organizations (“LNGOs”) to adhere to the obligations outlined under the LANGO. The objectives of Notification 571 are to safeguard both the public interest and the interests of associations and LNGOs in accordance with the law. Additionally, it seeks to strengthen the relationship between these associations, LNGOs, and the public authorities.

To achieve these objectives and in accordance with the LANGO, Notification 571 reiterates the obligations for associations and LNGOs, along with the timeline for compliance, as follows:

ObligationTimeline
Submission of a written notification detailing the bank account used for operations in Cambodia to the MOI and the Ministry of Economy and Finance (“MEF”).Within 30 days from the registration date. Associations or LNGOs that have failed to notify in the past must notify by the end of March 2025.
Submission of the summary of the activities report and annual financial report of the LNGOs to the MOI and MEF.Before the end of February 2025.
In case of receiving financial aid from donors, the LNGOs must submit: a copy of the summary report of activities and the annual financial report, copied from the original document submitted to the donors; and a copy of documents related to the activities program and the financial agreement that the donors have agreed to provide such aid.   The above documents must be kept at the registered office of the LNGOs for five years.within 30 days from the date of sending it to the donors.within 30 days from the date of the agreement of the donors.        
Submission of a written notification to the MOI on the changes in LNGO’s particulars such as the amendment of its statute, registered address, change of director or executive director, and change of information regarding bank account, the operation.  Within 15 days from the date of such change.

In line with the LANGO, Notification 571 further emphasize that associations and LNGOs shall refrain from:

  1. engaging in any activities that are contrary to those outlined in their statute, applicable laws, and regulations; and
  2. undertaking any activities designed to generate profit for their own benefit or distributing profits, or activities that may endanger security, stability, public order, national security, national unity, culture, or traditions of Cambodia. 

It is advisable for associations and LNGOs to adhere to the requirements under Notification 571 to avoid non-compliance, which may result in removal from the registration list under the LANGO.

The information provided here is for information purposes only and is not intended to constitute legal advice. Legal advice should be obtained from qualified legal counsel for all specific situations.

Vansok Khem

Vansok Khem

Partner
Partner
Cambodia

DFDL Cambodia would like to take this opportunity to wish all our readers a healthy, happy and prosperous 2025. As we start the new year and come back to the office, we have put together this update to remind readers of the most recent and salient legal, tax and accounting annual compliance obligations for enterprises in Cambodia.

We note that annual compliance requirements may vary for different enterprises. In all cases, we encourage you to seek expert advice from a professional advisor regarding the annual compliance requirements that may be applicable to your entity.

Raksa Chan

Raksa Chan

Senior Consultant
Senior Consultant
Cambodia

*Our previous article on the proposed amendments introduced by the Personal Data Protection (Amendment) Bill 2024 is accessible here.

Pursuant to a notification in the Gazette published on 24 December 2024, the Personal Data Protection (Amendment) Act 2024 (“PDPA Amendment Act”), which received royal assent on 9 October 2024, is set to come into effect in 3 phases. The first phase will commence on 1 January 2025, followed by the second phase scheduled on 1 April 2025, and the final phase on 1 June 2025. We set out below an overview of each phase.

First phase

Sections 7, 11, 13 and 14 of the PDPA Amendment Act to be effective on 1 January 2025

  • Allows for service of notices or any other document which may be given under the Personal Data Protection Act 2010 (“PDPA”) upon any person by way of electronic means. 
  • The amendments are generally administrative in nature and do not impose new obligations.

Second phase

Sections 2 – 5, 8, 10 and 12 of the PDPA Amendment Act to be effective on 1 April 2025

(a) Change in terminology and revision to definitions

  • Substitution of the term “data user” with “data controller”.
  • Definition of “sensitive personal data” expanded to include “biometric data”.
  • “Personal data breach” defined to mean any breach, loss, misuse or unauthorized access of personal data.
  • Exclusion of personal data of deceased individuals from the scope of the PDPA.

(b) New obligation on data processors

  • Data processors will be directly regulated under the security principle outlined in section 9 of the PDPA when processing personal data.
  • Non-compliance will result in penalties imposed directly on data processors.

(c) Increased penalties

  • Maximum penalties for non-compliance with the personal data protection principles increased to a fine of RM1,000,000 from RM300,000 and/or imprisonment for a term of 3 years from 2 years.

(d) Amendments to cross-border data transfers

  • Removal of whitelisting regime.
  • Permits for the transfer of personal data to countries with substantially similar data protection laws or equivalent levels of protection.

Third phase

Sections 6 and 9 of the PDPA Amendment Act to be effective on 1 June 2025

(a) Mandatory appointment of data protection officer

  • Both data controllers and data processors must appoint a data protection officer to oversee compliance with the PDPA.

(b) Mandatory data breach notification

  • Data controllers are required to notify the Personal Data Commissioner (“Commissioner”) of personal data breaches.
  • Where the breach is likely to cause significant harm to the data subject, to notify the data subject.

(c) New rights to data portability for data subjects

Guidelines and Revised Personal Data Protection Standard to be Issued

According to an announcement by the Commissioner on 18 November 2024, four guidelines and a revised version of the Personal Data Protection Standard are expected to be issued in early 2025, with the remaining three guidelines to follow in the third quarter of 2025. The first four guidelines to be published addresses areas such as the Data Protection Officer, Data Breach Notification, Cross-border Data Transfer and Data Portability. It is anticipated that these guidelines will provide clearer details and practical steps to facilitate compliance with the amended regulations. While we await the finalized guidelines, businesses and organizations are encouraged to review its existing privacy policies and personal data processing practices, and to identify any updates require to align with the amendments introduced by the PDPA Amendment Act.

DFDL Compliance and Investigations Practice Group

DFDL’s compliance and investigations practice works side-by-side with other practice groups and leverages our expertise across a range of compliance risks including data protection, cyber security, anti-bribery and anti-corruption, anti-money laundering, legal design for UX/UI compliance, and human rights supply-chain due diligence. With our extensive experience in Asian emerging markets we can help in proactively assessing compliance risks, developing policies and procedures, as well as support with compliance failure mitigation and investigations.

The information provided here is for information purposes only and is not intended to constitute legal advice. Legal advice should be obtained from qualified legal counsel for all specific situations.

Hui Lynn Tan

Hui Lynn Tan

Partner
Partner
Malaysia

On 29 August 2024, the Ministry of Tourism (“MOT”) and the Ministry of Economy and Finance issued a Joint Prakas 537 on the Penalties under the Authorities of the Ministry of Tourism (“Joint Prakas 537”) setting out a list of penalties in relation to violation of the Law on Tourism and related tourism regulations that are under the authorities of the MOT. This Joint Prakas 537 will come into effect on 1 October 2024 abrogating previous Prakas such as Joint Prakas 160 on Tourism Related Penalties dated 17 February 2020.

The penalties under Joint Prakas 537 include monetary fines (to be paid by specified deadline) and subsequent fines on late payment of up to 20 million riels (approximately USD 5,000).

We note that this new regulation provides clarity, particularly with respect to the delegation of authority to the capital and provincial administrations and some changes regarding the monetary fines, in comparison to the previous Prakas

The table below highlights some of the key offenses and penalties:

In light of the above, we recommend business operators adhere to the requirements set out in the Law on Tourism and to check the expiration date of their licenses or obtain a new license, if necessary, as failure to do so may result in monetary fines as specified in this Prakas.

Should you have any concerns or queries on the matters mentioned above, please feel free to contact us at [email protected].

The information provided here is for information purposes only and is not intended to constitute legal advice. Legal advice should be obtained from qualified legal counsel for all specific situations.

Vansok Khem

Vansok Khem

Partner
Partner
Cambodia

The Personal Data Protection (Amendment) Bill 2024 (“PDP Bill”) was passed by the Dewan Rakyat (House of Representatives) on 16 July 2024 and, subsequently, by the Dewan Negara (the Senate) on 31 July 2024. The PDP Bill is not yet in force. To come into effect, it must be presented for Royal Assent and will only become law upon publication in the Gazette on a date to be appointed by the Digital Minister.

The PDP Bill proposes several revisions to the Personal Data Protection Act 2010 (“PDPA”) to bring Malaysian data protection legislation closer in line with international norms. The key amendments introduced by the PDP Bill are set out below:

1. Change in terminology

2. Increased penalties

3. Data processors to comply with the security principle

4. Mandatory data breach notification to the Personal Data Protection Commissioner

The Personal Data Protection Commission has, on 19 August 2024, issued 3 consultation papers (collectively, “Consultation Papers”) including Public Consultation Paper No.01/2024 (The Implementation of Data Breach Notification) to ask for public feedback in relation to the development of the Personal Data Protection (Personal Data Breach Notification) Regulations and the Data Breach Notification Guideline.

These include feedback on: (a) the notification thresholds and timeline for, both, breach notifications to the Commissioner and data subjects; (b) the manner and form in which such notifications are to be made; (c) applicable exemptions from the requirement to notify data subjects of a breach; (d) the obligations of data processors in relation to the breach notification obligations; (e) the concurrent application of the proposed data breach notification regime with that of other laws/sectoral breach notification regimes; and (f) management of personal data breaches and record keeping obligations.

5. Requirement to appoint data protection officer(s)

The second public consultation paper, Public Consultation Paper No.02/2024 (The Appointment of Data Protection Officer), seeks for public feedback on: (a) the threshold requirement for mandatory appointment of a data protection officer; (b) consistency with other legal requirements to a role similar to a data protection officer; (c) sector-specific risks for data protection officers to be aware of when carrying out their functions; (d) reporting lines; (e) regional data protection officer appointment and local residency requirements; (f) minimum expertise, qualifications, and certifications; and (g) factors the Commissioner may consider in exercising its discretion to mandate the appointment of a data protection officer.

6. New rights to data portability

The third public consultation paper, Public Consultation Paper No.03/2024 (The Right to Data Portability), seeks for public feedback on: (a) the readiness of data controllers for the right to data portability; (b) the types of personal data subject to such right; (c) timeline for compliance after a request from data subjects; (d) whether there should be a time limit / limitation period imposed such  requests for personal data processed and retained by the data controller prior to the request; (e) whether fees are to be chargeable for responding to such requests; and (f) the method for transmitting personal data arising from a data portability request.

7. Sensitive personal data to include biometric data

8. Abolishment of the current whitelist cross-border transfer regime

9. Data subjects to exclude deceased individuals

What’s Next?

The amendments proposed by the PDP Bill represent a significant advancement in the country’s data protection framework, reflecting a growing commitment to safeguarding personal data in an increasingly digital age. The proposed amendments will, upon coming into force, enhance transparency, accountability, and control for data subjects over their personal data, aligning Malaysia

The information provided is for information purposes only and is not intended to constitute legal advice. Legal advice should be obtained from qualified legal counsel for all specific situations.

Hui Lynn Tan

Hui Lynn Tan

Partner
Partner
Malaysia

The Insurance Regulator of Cambodia (“IRC“) issued Prakas No. 044 on Rules and Guidelines for Reinsurance (“Prakas 044“) dated July 12, 2024. Prakas 044 applies to general insurance companies, life insurance companies, reinsurance companies, and microinsurance companies operating in Cambodia.

Prakas 044 specifies that insurance companies must obtain prior approval from the IRC after receiving a resolution from their board of directors for both offshore and onshore reinsurance agreements and reinsurance policies. After the approval, any changes to these reinsurance agreements or reinsurance policies also require IRC approval: within 15 days for reinsurance agreements and within 30 days for reinsurance policies, following the board resolution.

Prakas 044 stipulates that insurance companies must manage risk by adhering to limits based on a basic model for each risk and event related to their insurance products. They are prohibited from issuing policies with amounts exceeding their insurance retention thresholds unless covered by reinsurance.

  • Reinsurance Agreement: Insurance companies must obtain prior approval from the IRC for preparing reinsurance agreements after receiving a resolution from their board of directors. For any upcoming agreements, insurance companies should apply for this approval before November 1 each year or concurrently with their insurance product applications. Insurance companies may transfer excess risk beyond their insurance retention thresholds to reinsurance companies, whether offshore or onshore, as long as it complies with the terms outlined in Prakas 044.
  • Reinsurance Policy: Insurance companies are required to prepare their reinsurance policies and submit them to the IRC within 30 days of the board resolution. Additionally, they must review and evaluate their reinsurance policies at least once every three years.

Both reinsurance agreements and reinsurance policies must be prepared in accordance with the terms and conditions set forth in Prakas 044. The IRC also requires insurance companies to submit a report summarizing their reinsurance activities by January 15 of the following year.  

Under Prakas 044, if there is non-compliance, the IRC allows insurance companies to explain their situation before any disciplinary sanctions are imposed. Please note that sanctions for violations of Prakas 044 will be in accordance with the Law on Insurance and other relevant regulations.

The information provided here is for information purposes only and is not intended to constitute legal advice. Legal advice should be obtained from qualified legal counsel for all specific situations.

Nearirath Sreng

Nearirath Sreng

Partner
Partner
Cambodia

Overview

Prakas 095 on Unfair Practices in Business Related to Advertisements and Sale Promotions was issued on 12 April 2024 by the Ministry of Commerce (“Prakas 095”). Prakas 095 covers unfair practices in business related to advertisement and sale promotions that are not addressed by the Law on Consumer Protection, with the objective of protecting consumers’ rights and interests.

Prakas 095 applies to all persons (including individuals and entities) engaged in supplying and advertising goods and services that provides false or misleading promises, advertisements or representation via all forms and methods, including digital methods, within the Kingdom of Cambodia. The main prohibitions outlined by Prakas 095 encompass three areas: (1) prize giveaways; (2) advertisements and sale promotions; and (3) false or misleading advertisements.

We summarize the key prohibitions as follows:

Certain Prohibited Unfair Practices

Prize giveaways

  1. not giving away prizes, insufficient prizes as planned and inequivalent value of the prizes as planned, except where there is acceptable evidence; and
  2. providing fake, false or deceptive documents or information related to the identity of the prize winner and not providing any other relevant documents as required by the investigating officer of the Consumer Protection Competition and Fraud Repression Directorate-General (“CCF”).

Business operators who will conduct advertisements attached with prizes must submit the prize giveaway plan and documents and information related to the identity of prize winners in a timely manner as required by the investigating officer of the CCF.

Advertisement and sale promotions

  1. having minor to offer prizes and advertisement related to alcoholic, energy drinks or any other practices prohibited by other relevant regulations;
  2. using labels, all kinds of advertising signs that do not have Khmer letters, or Khmer fonts are not above foreign fonts or are not twice as large as foreign fonts;
  3. advertising goods and services that are prohibited to commercialize and/or to advertise; and
  4. advertising goods and services without displaying the minimum information as required by applicable regulations.

False or misleading advertisements

  1. encouraging minors to think, act, speak or act contrary to the tradition and morality, adversely affect the health, safety or natural development of minors;
  2. using words or phrases such as the best, only one, number one, superior, unmatchable, or words with similar meanings without proper documentation certified by the relevant ministries, institutions and authorities;
  3. using words or phrases such as pop to win, scratch to win, buy to win, open to win, pop more win more, scratch more win more, buy more win more, or using words or phrases that have similar meanings without specifying to the consumer the types of goods and services to be provided;
  4. using words, writings or pictures that are false, misleading or distorting the truth, obscene, obscene words;
  5. using articles or spot advertisement that are not in accordance with a compliance certificate issued by the MOC;
  6. hiring or order any persons to falsely promote that they have received a prize or other benefits from any goods or services; and
  7. comparing own’s goods and services with the goods and services of others with the intent to downgrade or harm the others’ products and services.

Prakas 095 also stipulates the necessary requirements that business operators must adhere to when conducting sale, clearance sale, special discount, goods and services bundled with additional services exceeding the requirements (as a package), and lucky draw.

Any individual who commits an offence in violation of the provisions under Prakas 095 relating to, among others, reporting to the CCF, prize giveaways, advertisement and sale promotions will be subject to an interim fine not exceeding KHR 50,000,000 (approximately USD 12,500) or, for violation of provisions relating to false or misleading advertisements, not exceeding KHR 80,000,000 (approximately USD 20,000).

PRAKAS 084 ON FORMALITIES, PROCEDURES AND MEASURES TO MANAGE ADVERTISEMENT OF ALCOHOLIC PRODUCTS

Overview

The Ministry of Information (“MOI”) issues Prakas 084 on Formalities, Procedures and Measures to Manage Advertisements of Alcoholic Products on 23 July 2024, to regulate advertisements of alcoholic products (“Prakas 084”). The scope of Prakas 084 applies to all alcoholic products containing more than 3% ethanol content and covers all forms and means of advertisement, including digital advertising in Cambodia.

Key Provisions under Prakas 084

1. Permit Requirement

All individuals and entities intending to advertise alcoholic products must apply for a permit from the Alcoholic Products Advertisement Management Working Group (“Working Group”). Applications can be submitted online or offline through the one-window service of Secretariat of the Working Group located at the MOI. The Secretariat of the Working Group has seven working days upon receipt of application documents to review the application. If the application documents are sufficient, the Secretariat of the Working Group will issue a permit in digital form.

It is important to note that, in addition to the above permit, business operators may request a compliance certificate from the Ministry of Commerce (on a voluntary basis) to confirm that the advertisement complies with applicable laws.

2. Key Advertisement Principles

There are certain key principles for advertisements of alcoholic products:

  1. Content Restrictions:
    1. displaying required warning messages (i.e., ‘drink do not drive’ or ‘drink responsibly’) clearly and visibly in a font size 1/4 of the advertisement size and avoiding the use of characters, logos, or themes for the purpose of attracting minors;
    2. alcohol advertising must not depict alcohol consumption before or while driving, claim health benefits for pregnant or breastfeeding women, or make general health claims; and
    3. respect for religious beliefs, cultural values, and women’s health and well-being is required.
    4. prohibiting the use of exaggerated descriptions, linking alcohol consumption to sexual performance or attractiveness, depicting alcohol consumption in advertisement, encouraging alcohol consumption on stage, targeting minors, or using minors as advertisers;
  2. Time Restrictions: No alcohol advertising on television and radio between 6 PM and 8 PM except for simple display of logo or product name.
  3. Location Restrictions: No alcohol advertising within 200 meters of educational, health, religious, cultural and historical institutions, and international airports.
  4. Online Advertising: Alcohol advertisements on electronic platforms must include a warning message prohibiting minors from viewing them.

3. Compliance and Enforcement

Individuals and entities that have advertised or are currently advertising alcoholic products must obtain a permit from the Secretariat of the Working Group within three months of the issue date of Prakas 084, being 23 October 2024. Media outlets are required to broadcast only advertisements of alcohol products authorized by the Working Group. Non-compliance with Prakas 084 will result in legal action under the applicable laws and regulations.

Considering the above, businesses involved in alcoholic products advertising must carefully review Prakas 084 to ensure compliance. Key actions include obtaining permits on advertising, adhering to strict content principles to avoid penalties, and reviewing existing advertising materials to ensure compliance.

Should you have any concerns or queries on the matters mentioned above, please feel free to contact us at [email protected].

The information provided here is for information purposes only and is not intended to constitute legal advice. Legal advice should be obtained from qualified legal counsel for all specific situations.

Vansok Khem

Vansok Khem

Partner
Partner
Cambodia

The Ministry of Labour and Vocational Training and the Ministry of Economy and Finance issued a Joint Prakas 498, which replaced the previous Joint Prakas 659 on Monetary Fines for Those Who Violate the Provisions of the Labour Law dated 6 June 2016. The new Joint Prakas 498 updates the penalty for those who violate the provisions of the Labour Law and consolidates the increase of daily base wage and related penalties.

The key updates introduced by Joint Prakas 498 are highlighted below:

(1) increase of daily base wage: the daily base wage, used to calculate penalty for any non-compliance with the Labour Law, is increased from KHR 40,000 (approximately USD 10) to KHR 80,000 (approximately USD 20). There is also a new separate daily base wage of KHR 200,000 (approximately USD 50) used for the calculation of the penalty for violation of Articles 261, 264 and 372 of the Labour Law on work permit and employment of foreign nationals as stated under Joint Prakas 326 on the New Daily Base Wage dated 25 November 2022 (“Joint Prakas 326”); and

(2) removal of the monetary penalty by a competent court: monetary fines that can be imposed by a competent court included in the previous Joint Prakas 659 have been removed from Joint Prakas 498. Instead, under Joint Prakas 498, if an offender refuses to pay the fine as determined, the Labour Inspector will file a case to the competent court in accordance with the legal procedures in force.

In the table below, we highlight some of the offences related to labour registration obligations:

DescriptionArticle of the Labour LawDaily Wage (Khmer Riel)Number of days for fineAmount of fine (Khmer Riel)Amount of fine (USD)
 123= 1×2USD 1 = 4,000 Khmer Riels
Failure to declare opening and closing of enterpriseArticles 17 and 1880,000635,040,0001,260
Failure to register enterprise establishment bookArticle 2080,000211,680,000420
Failure to declare staff movement (in) and (out)Article 2180,000423,360,000840
Absence of internal work rulesArticle 2280,000211,680,000420
Failure to apply for visa-in or visa-out in workbook for entry or departure of Cambodian employeesArticle 3780,000211,680,000420
Absence of payroll ledgerArticle 3980,000635,040,0001,260
Failure to conduct election of shop stewards or comply with election proceduresArticle 28380,000635,040,0001,260
Failure to elect shop stewards for next mandateArticle 29280,000635,040,0001,260
Failure to obtain approval of quota for employing foreign employees*Artcle 264200,0006312,600,0003,150
Hiring foreign employees without valid work permitsArticle 372200,0006312,600,0003,150
Foreign National who conducts business in Cambodia without valid work permits including self-employed person*Articles 261 and 382200,00025250,400,00012,600

*For more details on the work permit penalty for foreign national who conducts business in Cambodia including self-employed person without a work permit, please check our article in the following link.

Should you need further information or legal support, please contact us at: [email protected].

The information provided here is for information purposes only and is not intended to constitute legal advice. Legal advice should be obtained from qualified legal counsel for all specific situations.

Raksa Chan

Raksa Chan

Senior Consultant
Senior Consultant
Cambodia

HUSK was founded in 2017 in Cambodia by Heloise Buckland and Carol Rius and produces biochar (a carbon-like byproduct of organic waste materials), carbon-based fertilizers and crop protection products, offering innovative solutions to local farmers. The company has received a USD 5 million capital injection from Mekong Capital, a leading Private Equity fund in Vietnam, which will help fuel its product development and its regional expansion.

DFDL advised Mekong Capital on the transaction, including legal due diligence and advice on regulatory approvals. The DFDL team included partners, Chris Robinson and Vansok Khem, Soromnear Sin and Davin Hor.

In recent weeks, cyber-attacks, particularly ransomware attacks, in Vietnam are on the rise and anticipated to become potentially more complex in the near term, posing a serious risk to both economic and social development activities. Specifically, since late March, Vietnam has witnessed at least three large-scale data encryption attacks targeting major companies such as VnDirect, PVOil, and a telecommunications service provider, along with incidents affecting smaller businesses.

Government agencies assess that hackers continue targeting critical entities with increasingly sophisticated methods. These hacks have the potential to disrupt entire operations, and transactions, making sensitive data irrecoverable once it falls into the hands of hackers.

Given this situation, on 8 April 2024, the Prime Minister of Vietnam issued a directive requesting ministries, sectoral, and local government agencies to review and assess the current cybersecurity situation.

Specifically, the Prime Minister noted and admitted that certain sectors and areas have not implemented cybersecurity regulations effectively, resulting in incidents and potential risks to Vietnam’s cyberspace safety. Consequently, the Prime Minister directed as follows:

  1. Ministers, heads of ministerial-level agencies, and heads of central-affiliated cities and provinces to oversee directly and ensure cybersecurity within their scope of supervision.

  2. State agencies, organizations, and state-owned enterprises are required to review comprehensively and assess the cybersecurity status of systems under their management, as guided by the Ministry of Information and Communications.

  3. In the event of a cyberattack, agencies, organizations, and enterprises are required to report incidents, comply with the coordination and instructions of the National Coordination Agency (i.e. Vietnam Cybersecurity Emergency Response Teams/Coordination Centre – VNCERT/CC), collect and analyze information, address and mitigate incidents, investigate causes and trace origins, and issue statements and disclosures.

  4. The Ministry of Information and Communications is tasked with guiding ministries, sectors, and localities in reviewing and evaluating the cybersecurity status of state agencies, organizations, and enterprises’ information systems prior to 11 April 2024.

With this new directive, as soon as guidance from the Ministry of Information and Communications is sent to businesses, they need to conduct immediately a review of their information systems, and report/notify VNCERT/CC and relevant agencies/parties when any incident occurs that affects their systems in Vietnam.

The information provided is for information purposes only and is not intended to constitute legal advice. Legal advice should be obtained from qualified legal counsel for all specific situations.

Phong Anh Hoang

Phong Anh Hoang

Partner
Partner
Vietnam

We are pleased to announce that DFDL is extending its PRC network of collaborating firms through a cooperation agreement with Leaf, a distinguished law firm renowned for its expertise in Greater China, and offices in Shanghai, Beijing and Paris. Leaf’s Sino-European team has been recognized for its expertise on cross-border M&A transactions, corporate finance and fundraising. Leaf also has a significant cybersecurity and data protection law practice complemented by a team of technical experts. This collaboration initiative will strengthen DFDL’s European Desk and allow us to join a hub of professionals to coordinate work for Asian projects from Europe, both inbound and outbound, with a primary focus on European clients.

Established in 1994, DFDL is a leading international legal, tax and investment advisory firm with a robust presence across South-East Asia, boasting twelve offices across 10 countries including Bangladesh, Cambodia, Indonesia, Lao PDR, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam.  DFDL and Leaf are multi-awarded law firms highly recognized for their knowledge and understanding of the legal and regulatory landscapes within their respective markets.

We are looking forward to this cooperation to expand our business horizons and, most importantly, to ensure that we continuously deliver seamless service to our valued clients.

For additional information, please feel free to contact Guillaume Massin ([email protected]) and Bruno Grangier ([email protected]).

Guillaume Massin

Guillaume Massin

Partner, Head of EU Desk
Partner, Head of EU Desk
Cambodia, Thailand

Enterprises are subject to various labour obligations and filing requirements pursuant to the Labour Law and its implementing regulations.

To assist with your annual labour compliance, we have prepared a detailed compliance calendar that provides information on each requirement, associated penalties and the deadlines for each filing as summarized in the table which can be downloaded here, accompanied with a complimentary annual labour compliance calendar as below. 

Annual Labour Compliance Calendar

Should you need any further information or any support with the forthcoming June inspection, please reach out to us at: [email protected].

The information provided here is for information purposes only and is not intended to constitute legal advice. Legal advice should be obtained from qualified legal counsel for all specific situations.

Raksa Chan

Raksa Chan

Senior Consultant
Senior Consultant
Cambodia

Your quick guide to burning questions you might have about the new PDPD. Who is affected? What do you need to do? Is it compatible with the use of offshore technology such as cloud storage services? And more.

Vietnam’s first-ever comprehensive legal framework dedicated to personal data protection introduces new rules that capture a wide range of entities.

The new rules – officially titled Decree No. 13/2023/ND-CP and referred to as the Personal Data Protection Decree (or PDPD) – were issued on 17 April 2023 and took effect from 1 July 2023.

The PDPD covers:

  • any agency, organization, or individual – whether local or foreign – engaged in the collection and processing of Vietnamese personal data
  • onshore and offshore personal data processing and transfers (anyone transferring Vietnamese citizens’ personal data to a foreign country must submit an offshore transfer impact assessment dossier to the competent State authority).

The PDPD follows hot on the heels of another key new cyberspace regulation in Vietnam, Decree 53 dated 15 August 2022 on the Law on Cybersecurity (12 June 2018).  Understandably, it has triggered a range of queries from potentially affected clients, not least those who use, or are considering the use of, offshore technology like cloud storage services for the handling of their data.

What kind of data is covered, what are the notification and disclosure duties for data controllers and processors, when does data need to be deleted, and is the PDPD even compatible with the use of technology such as offshore cloud services at all?

This legal alert briefly addresses each of these questions.  Many of the PDPD’s provisions are cast in broad terms – they and their intended implementation are not necessarily clear in all respects.  Further guidance on these matters is likely to be forthcoming.  But we consider that a path for compliance with the PDPD can nevertheless be navigated in the meantime, including for the use of offshore cloud storage services.

Of course, the specifics of your circumstances are important. If you would like to discuss those circumstances and your particular path, please contact Kevin Hawkins, Partner at [email protected].

For further information on this subject, we recommend referring to other articles available “Vietnam: Data-Driven Duties”.

To read the full alert, please click on the download button below.

The information provided is for information purposes only and is not intended to constitute legal advice. Legal advice should be obtained from qualified legal counsel for all specific situations.


Kevin Hawkins

Kevin Hawkins

Partner
Partner
Vietnam