
AesirX ComplianceOne

Turn Privacy Obligations Into Structured, Operational Control

A Vietnam-first platform connecting governance workflows, risk management, compliance evidence, and consent enforcement in one unified system. 

Why Compliance Governance Matters for Businesses in Vietnam

Vietnam’s regulatory frameworks require organizations to demonstrate operational compliance, not just publish policies. Regulators and enterprise partners increasingly expect structured records, clear workflows, and exportable evidence.

What’s Changing for Organizations

Compliance must be operational

Policies alone are no longer enough. Organizations must maintain documented processes, registers, and audit trails.

Evidence must be provable

Regulators and procurement teams expect structured compliance documentation and exportable evidence.

Governance must cover the full data lifecycle

Consent, rights requests, vendor oversight, and cross-border transfers must all be documented and controlled.

Key Regulations Driving These Requirements 

Personal Data Protection Law 91/2025/QH15 (PDPL 2025)

Requires documented privacy programs, legal basis, processing records, DSAR handling, and accountability.

Decree 356/2025/ND-CP (implementing PDPL)

Requires operational compliance controls, consent management, retention rules, and auditable workflows.

Law on Data 60/2024/QH15 (“Data Law”)

Requires governance of data flows, classification, vendor oversight, and cross-border transfer controls.

A Vietnam-first Privacy Governance Platform

AesirX ComplianceOne is a unified platform for managing privacy governance, evidence, and compliance workflows.

A Connected Governance System

Not a collection of tools, but one operational platform linking consent enforcement, rights handling, vendor oversight, and audit trails.

Evidence Built Into Every Action

Every approval, assessment, transfer, and deletion generates structured, exportable documentation by default.

Made for Vietnam’s Regulatory Environment

Self-hosted deployment, local infrastructure options, cross-border documentation, and governance workflows aligned to Vietnam’s evolving enforcement expectations.

Key Benefits

Strengthening privacy governance across your organization

Compliance You Can Prove

Move from scattered docs and emails to structured logs and exportable evidence for audits and procurement reviews.

Structured Rights Request Handling

Manage DSR/DSAR cases with clear timelines, identity checks, and documented responses, reducing operational risk while meeting response obligations.

Clear Cross-Border Transfer Documentation

Record international data transfers with approvals and change history, providing clear documentation for regulator review.

Consistent Risk & DPIA Assessments

Run repeatable impact assessments with version control and approvals, enabling structured risk management across teams.

Controlled Vendor Governance

Track processors and vendors with documented oversight and deletion controls aligned to enterprise risk expectations.

Full Audit Visibility

Capture traceable logs of approvals, exports, access, and deletions, with optional high-assurance immutability as programs mature.

Vietnam-First Hosting & Data Control

Deploy self-hosted or through Vietnam-based infrastructure partners to maintain local data control and simplify regulatory requirements.

One Connected Compliance System

Link website consent enforcement directly to governance workflows, connecting front-end controls with back-end evidence.

Clear Ownership & Accountability

Assign responsibilities, track approvals, and maintain decision history across departments to reduce compliance gaps.

Core Capabilities

AesirX ComplianceOne’s key features support end-to-end privacy governance and evidence-based compliance for Vietnam’s enterprises.

Rights Request Management (DSR / DSAR)

Handle data subject requests end-to-end with clear SLA tracking, approvals, and exportable evidence packs, so you can prove compliance during audits.

Data Mapping & RoPA

Maintain a clear inventory of systems, data flows, and processing activities, with structured registers designed for audits and procurement sign-off.

Vendor Governance & Deletion Oversight

Maintain a centralized vendor register with due diligence tracking, evidence collection, and guided deletion playbooks for structured oversight of all third-party data relationships.

DPIA & Cross-Border Assessments

Run structured impact and transfer assessments with clear approvals and documented mitigation, so high-risk processing is reviewed and defensible.

Immutable Audit Trail

Maintain tamper-evident logs of actions and decisions, with optional high-assurance anchoring (on-chain) for environments that require stronger proof.

Consent Governance Integration

Connect website consent enforcement directly to governance workflows, with consent records preserved as linked evidence inside each case.

Compliance Program Monitoring

Maintain an ongoing compliance program with scheduled reviews, assigned ownership, task tracking, and structured reporting.

Incident & Breach Response

Manage incident intake and response through structured workflows, documented actions, and exportable reporting templates.

Modules

Data Privacy and Rights

Rights Requests
Data Mapping
Consent Governance
Consent Properties
Access Accountability
Deletion Orchestration

Vendor & Third-Party Man.

Vendor Governance
Vendor Risk
Connectors

Risk and Assessment

DPIA & Assessments
Data Classification
Data Discovery
Privacy Scanner
Monitoring Programs
Program Governance

Operations and Automation

Incident Response
Compliance Forms
Task Management
Incident Operations
Localization
Onboarding

Platform & Administration

Audit Trail
Organizations (Multi-org)
Partner Workspace
Dashboard
Platform
Help Center

Legend

light
standard
enterprise
core

Regulatory Frameworks

Personal Data & Privacy

Personal Data Protection Law (91/2025/QH15)
Decree 356/2025/ND-CP (PDPL implementation)
MPS A05 Admin Procedures (Decision 778/QD-BCA-A05)
Vietnam Data Law

Cybersecurity

Vietnam Law on Cybersecurity
Decree 53 - Cybersecurity Law implementation
Law on Cybersecurity (116/2025/QH15)
State Secrets 2025 - IP localization & identification (Implementing Decree)

AI & Emerging Tech

Vietnam AI Law (effective 01 Mar 2026)

E-commerce

Law on Electronic Commerce (122/2025/QH15)

Telecom & Legacy

Vietnam Telecommunications Law 2023
Vietnam Personal Data Protection Law (legacy)
Decree 113 - PDPL Operational Baseline

Legend

active
draft
upcoming
superseded

Book a Demo

Tu Pham - Country Manager AesirX

Head of Risk with 15+ years in fintech and banking across ERM, compliance, fraud, audit, and regulatory frameworks.

Please contact us via

tu@aesirx.io
+84 918098010

How To Get Started

Step 1

PURCHASE A LICENSE

Choose the ComplianceOne plan that fits your organization. After purchase, you receive a secure link to download the installer.

Step 2

DOWNLOAD THE INSTALLER

Use your license link to download the ComplianceOne installer package for deployment in your environment.

Step 3

RUN THE START WIZARD

Launch the installer and run the Start Wizard to activate your license and configure your organization settings.

Enterprise Licensing

Light

$8,000/year

Core Platform:

Dashboard

Platform

Dashboard

+ 6 Compliance Modules:

Data Mapping

Compliance Forms

DPIA & Assessments

Rights Requests

Incident Response

Audit Trail

10 Power Users

Standard

$20,000/year

Includes Partner Workspace so law firms & consultancies can operate in controlled workspaces alongside enterprise clients.

All 26 Modules:

Data Privacy & Rights x6

Vendor & Third-Party Mgmt x3

Risk & Assessment x6

Operations & Automation x6

Platform & Administration x6

Unlimited Users

Enterprise

$36,000/year

All 26 Modules:

Multi-Org (group/subsidiary structures).

Formal SLA + severity-based response targets.

Onboarding pack with configuration workshops & admin training.

Quarterly governance reviews.

Unlimited Users

People Also Ask

Many global compliance tools are designed around EU GDPR requirements and do not address Vietnam’s specific expectations for evidence formats, data residency, and operational linkage.

In practice, this creates several gaps. Rights request processes are often unstructured, vendor governance and cross-border transfer documentation are managed in separate systems, and consent enforcement is disconnected from internal workflows. As a result, organizations struggle to produce clear, audit-ready evidence such as structured records, timelines, approvals, and exportable compliance documentation.

Traditional compliance tools mainly store documents, policies, or checklists. AesirX ComplianceOne (the first Vietnam data protection compliance platform) is designed as an operational system that manages workflows, approvals, risk assessments, and evidence generation in real time. Instead of collecting documentation after activities occur, compliance evidence is automatically created and linked to each action, such as consent records, approvals, and data governance decisions. Essentially, AesirX ComplianceOne is a PDPL compliance solution.

Yes. Vietnam’s Personal Data Protection Law (PDPL) and its implementing decree have extraterritorial scope, meaning they apply not only to Vietnamese organizations but also to foreign companies that process the personal data of Vietnamese citizens or residents, even if the processing occurs outside Vietnam.

In practice, this means the law can apply if a foreign company operates a website used in Vietnam, collects personal data from Vietnamese users, or processes their data through platforms, analytics tools, or cross-border services.

Vietnam’s privacy framework is defined by three key laws:

  • Personal Data Protection Law 91/2025/QH15 (PDPL 2025)
    The core privacy law governing how organizations collect, process, and protect personal data, including requirements for consent, rights handling, and accountability.
  • Decree 356/2025/ND-CP (implementing the PDPL)
    Provides detailed rules on how the PDPL must be applied in practice, including consent standards, data transfer conditions, and compliance documentation requirements.
  • Law on Data 60/2024/QH15 (Data Law)
    Establishes broader rules for managing data assets in Vietnam, including classification, security, and oversight of data sharing and cross-border use.

Businesses must obtain clear user consent before tracking or collecting personal data. Website tools such as cookies, pixels, and analytics can only operate with explicit consent, and personal data must be controlled, documented, and protected, especially when shared with third parties or transferred across borders.

A true Vietnam privacy compliance platform should do more than store documents; it should actively manage your compliance operations end to end. This means automating consent collection and enforcement, structuring data subject rights workflows, documenting cross-border transfer approvals, and generating audit-ready evidence at every step.

Many businesses assume any data protection tool will meet Vietnam's requirements, but the PDPL and its implementing decree have specific expectations around consent standards, accountability records, and operational linkage between systems. 

A purpose-built privacy governance platform Vietnam businesses can rely on connects these requirements directly to your internal workflows, so compliance evidence is created in real time, not assembled retroactively when an audit or enforcement action arises.

For organizations operating in or targeting Vietnam, this operational readiness is the difference between demonstrating compliance and simply claiming it.

A Data Subject Access Request (DSAR) is a formal request from an individual exercising their rights under Vietnam's PDPL, such as the right to access, correct, delete, or restrict the processing of their personal data. Managing these requests correctly is both a legal obligation and an operational challenge. Under the PDPL, organizations must:

  • Acknowledge and verify the request: confirm the identity of the requestor and log the submission with a timestamp and reference record.
  • Assess the request type: determine which right is being exercised (access, rectification, erasure, portability, objection, or withdrawal of consent) and whether exemptions apply.
  • Coordinate internally: locate the relevant personal data across systems, involve appropriate teams (IT, legal, operations), and document each step of the review process.
  • Respond within the required timeframe: Vietnam's framework sets expectations for timely responses. Failure to respond or unjustified delays can constitute a breach.
  • Produce a structured response: deliver the outcome to the data subject with clear documentation, and retain a complete record of the request, assessment, and resolution for audit purposes.

Where DSAR volumes are high or data is distributed across multiple systems, manual processes create significant risk. A Vietnam privacy management software solution like AesirX ComplianceOne structures the entire DSAR lifecycle so nothing falls through the cracks.

Vietnam's PDPL (Law 91/2025/QH15) took effect January 1, 2026. Core obligations include obtaining specific, informed consent for each processing purpose; appointing a Data Protection Officer; submitting a Data Processing Impact Assessment within 60 days of starting processing; documenting cross-border transfers; and reporting data breaches to authorities within 72 hours.

Keeping all of this audit-ready is where a PDPL compliance software solution for Vietnam like AesirX ComplianceOne makes the biggest practical difference.