Under the decree, which details the implementation of the Cybersecurity Law coming into force in 2019, must-be-stored data belonging to and created by users in Viet Nam include account names, credit card information, email and IP addresses, service use time, most recent logins, registered phone numbers, friends and groups users interact with online.
The data must be stored for at least 24 months, and system logs for criminal investigation purposes must be stored for at least 12 months.
Firms will have 12 months to set up local data storage and local offices following reception of instructions from the Minister of Public Security.
Earlier this month, the Government issued a national cybersecurity strategy in response to cyberspace challenges till 2025 with a vision towards 2030.
The strategy targets to maintain Viet Nam's ranking on global cybersecurity index from 25th-30th by 2025.
According to a report released by the ITU in June 2021, Viet Nam jumped 25 places after two years to rank 25th out of 194 countries and territories worldwide in the GCI in 2020.
Viet Nam ranked seventh in Asia-Pacific region and fourth among ASEAN countries in the field.