CMC Technology Group's report shows that, in order to implement policies and laws on personal data protection, the Group has added a commitment to personal data protection to contracts signed with partners, customers, third parties and employees and publicly announced it on the company's website. Notify data subjects of personal data collection before executing contracts and transactions. Review the technical system to ensure that the technical system is sufficient to meet safety standards and regulations.

The member units have established a personal data protection department and appointed a DPO with different names. Periodically organize training for all employees on personal data protection procedures and regulations and information security. Delete all customer data from the Data Center and cloud computing infrastructure after the customer terminates the service contract and is clearly specified in the contract...

During the past time, the Group has not recorded any violations related to personal data processing; there have been no complaints, complaints or requests for handling related to violations of personal data rights from users, customers, or authorities.

Commenting on the draft Law on Personal Data Protection, the Group proposed amending Articles 8 and 18 to clarify that rights such as deletion, restriction of processing, or consent requirements do not apply to data that has been completely de-identified. Add to Clause 1, Article 27: "Personal data used for research and development of artificial intelligence, blockchain, etc. must be exempted from obligations to carry out the declared processing purposes".

In addition, it is proposed to clarify whether the consent of the data subject is the employee or includes those whose information the employee provides in the employment record (for example, information about parents, spouses, children, siblings, etc.). In cases where the consent of the data subject is required in general, it is necessary to add a provision: The employee is responsible for obtaining the consent of the data subject and ensuring that the data subject has consented.

Specifically, amend Clause 3, Article 31 as follows: "Developers are organizations or individuals participating in designing, developing, or providing technology products and services in the fields of health information and insurance, and must fully comply with regulations on personal data protection, professional responsibility, ethical standards, and regulations on medical products when processing personal data"...

Speaking at the meeting, Deputy Chairman of the National Defense, Security and Foreign Affairs Committee Nguyen Minh Duc highly appreciated the performance of CMC Technology Group; stating that the Group has basically built an internal legal framework compatible with the policies and regulations on personal data protection issued and has invested heavily in data center infrastructure with international standards.

At the same time, we share the current difficulties with the Group, such as: the cost of hiring specialized personnel or personal data protection service units; the volume and complexity of personal data, so IT, telecommunications, and data center enterprises must invest in very expensive personal data protection infrastructure...

In the spirit of carefully and thoroughly drafting the Law on Personal Data Protection, the Vice Chairman of the National Defense, Security and Foreign Affairs Committee acknowledged the opinions and recommendations of the Group; stating that the Committee will study and absorb them so that when the Law is promulgated, it will meet the requirements of protecting personal data rights; prevent acts of personal data infringement, affecting the rights and interests of individuals and organizations; and enhance the responsibility of agencies, organizations and individuals.

Source: https://daibieunhandan.vn/doan-khao-sat-cua-uy-ban-quoc-phong-an-ninh-va-doi-ngoai-lam-viec-voi-tap-doan-cong-nghe-cmc-post410653.html