Experts at the forum titled 'Personal Data Protection Law: Challenges and Compliance Solutions for FDI Enterprises', held in Hà Nội on Friday. — Photo vietnamplus.vn

HÀ NỘI — Foreign-invested enterprises (FDI) in Việt Nam are under growing pressure to strengthen data security and comply with tightening legal requirements, as cyber threats escalate and new regulations on personal data protection take effect.

These challenges were highlighted at the forum titled 'Personal Data Protection Law: Challenges and Compliance Solutions for FDI Enterprises', held in Hà Nội on Friday. The event was jointly organised by FSI Investment, Trade and Technology Development JSC, FSI Data Protection and Recovery Centre (FSI DDS) and Japan’s DDS company.

The forum attracted more than 150 participants, including representatives from regulatory agencies, technology and legal experts and leaders of FDI enterprises, particularly Japanese businesses operating in Việt Nam.

According to the National Cyber Security Association, about 52 per cent of businesses in Việt Nam experienced cyberattacks in 2025. Notably, not only small firms but also organisations with well-developed security systems have become targets.

Lieutenant Colonel Nguyễn Đình Đỗ Thi, deputy head of the Advisory Division under the Ministry of Public Security’s Department of Cyber Security and High-Tech Crime Prevention, emphasised that data is increasingly becoming a “gold mine” for hackers.

For FDI enterprises, risks are even greater due to the large volume of high-value data they handle, including research and development (R&D) data, technical designs, customer information and supply chain data. Cross-border data transfers between Vietnamese subsidiaries and parent companies are also considered a key vulnerability that increases the risk of data leaks.

At the same time, Việt Nam’s legal framework on data protection is becoming more comprehensive and stringent. Regulations such as Decree 13/2023/NĐ-CP require businesses not only to protect data but also to demonstrate their ability to control and process data in compliance with the law.

The Personal Data Protection Law also sets out clear penalties for violations, with fines for data breaches reaching up to VNĐ3 billion (US$114,000), or 5 per cent of annual revenue.

In this context, FDI enterprises face a 'dual pressure' – protecting data from increasingly sophisticated cyberattacks while ensuring strict compliance with new legal requirements.

Nguyễn Hùng Sơn, vice chairman of FSI, said FDI firms are among the most exposed groups in the business community, as they must simultaneously comply with global standards from parent corporations and adapt to tightening domestic regulations. In addition, growing demands from customers and partners for transparency, data security and compliance are forcing businesses to strengthen their data governance capabilities.

Experts at the forum also pointed out that one of the biggest gaps in current security systems is the lack of control over data at the 'output stage', when information leaves internal systems.

Kumagai, a representative of Japan’s DDS company with more than 20 years of experience in data recovery and protection, compared cybersecurity to the human immune system. He noted that while traditional tools such as firewalls, unified threat management (UTM) systems and antivirus software are essential, they can only defend against known threats.

“With around 120 million new malware samples created and spread each day globally, traditional protection layers are no longer sufficient,” he said, stressing the need for an additional layer to monitor and control outbound data to prevent leaks.

In response, FSI and FSI DDS introduced F-DDH BOX, a solution aimed at preventing data loss at exit points. Unlike traditional tools focused on external threats, it monitors internal data flows, detects unusual activity, issues real-time alerts and helps prevent leaks even if systems are compromised.

According to the company, the solution is based on Japanese technology and can be deployed as a standalone hardware device without major changes to existing IT systems, providing an additional layer of protection while supporting data compliance.

Experts said that as cybersecurity risks become more complex and compliance demands more stringent, businesses need to shift from a mindset of 'attack prevention' to 'comprehensive data control', combining technology, processes and governance to ensure data security and sustainable operations. — BIZHUB/VNS