June

Vietnam's Ministry of Public Security (MoPS) believes that a draft cybersecurity law that requires all foreign online service providers (including Facebook, Google and Twitter) to store their Vietnamese users' data exclusively in Vietnamese data centers will pose serious threats to economic development. Specifically, the department argues that given Vietnam's relatively less-developed IT infrastructure and workforce, data localization would increase the chances of security breaches.

In addition, the department argues that data localization would be detrimental to data privacy, as government agencies could force tech firms to provide them with users' personal information. Even more, it notes that the proposed mandate would result in higher costs of doing business and an even more restricted flow of information.

According to IT Governance's 2017 GDPR Report, less than 10% of organizations have provided GDPR staff awareness training to all employees.

The report also showed that only 53% of organizations are planning to provide GDPR staff awareness training in the future. General training on how to protect personal data should be rolled out to all employees, but those in more sensitive job roles or with more privileged access to data, such as HR, should be given more dedicated training. For example, those employees that manage client data should have specific guidance compared to those handling internal employee data. Even more, HR and legal teams should ensure that their privacy policy is adopted and followed by all employees, including managers.

With five weeks until the new data regulation comes into effect, Geetika Bansal is a senior associate, and Khurram Shamsee a partner, in the employment and pensions group at DAC Beachcroft, offer last-minute advice for HR professionals.

Bansal and Shamsee suggest that "last minute housekeeping" should focus on carrying out an audit of how the personal data of job applicants, employees and contractors is processed, removing consent clauses from employment contracts, updating data privacy notices, and reviewing the contract terms with third parties, such as payroll or benefits providers.

The authors say that for many employers, GDPR "will be a work in progress and should not cause undue concern, it is highly unlikely that the Information Commissioner's Office will be interested in using its resources to pursue businesses that are actively engaging with their GDPR obligations and taking steps to ensure they are compliant".