DPO Radio
AesirX Assessments
ASSESSMENTS
Conduct impact assessments and file dossiers with the Ministry of Public Security through a fully managed submission lifecycle
Structured DPIA workflows, cross-border transfer assessments, multi-department section assignment, and regulatory deadline tracking in one module.
Why Assessments Matters
The Vietnam Personal Data Protection Law and Decree 356 require organizations to conduct Data Protection Impact Assessments before processing sensitive personal data, and to file completed dossiers with the Ministry of Public Security (MPS). These are not one-time tasks, they involve multi-department coordination, iterative review cycles, supplementation requests from the authority, and strict statutory deadlines.
Enterprise DPOs (P-VN-01) coordinate these assessments across departments – retail banking, HR, marketing, IT security, procurement – each responsible for completing their assigned sections. When this coordination happens through email and shared documents, sections arrive late, formatting is inconsistent, and the DPO has no reliable way to see which departments have completed their work and which are blocking the submission.
The filing process itself adds complexity. Under Decree 356, dossiers must use specific form templates (Phu luc I for standard DPIAs, Phu luc II for cross-border transfers). Submissions pass through a ten-state lifecycle from draft to acceptance, with the possibility of supplement requests from MPS at any stage. Organizations that manage this lifecycle manually risk missed deadlines, incomplete submissions, and lost correspondence.
Assessments addresses these challenges with structured assessment creation, risk identification with likelihood and impact scoring, multi-department section assignment with individual deadlines, and a full MPS submission lifecycle managed through the DossierFilingService. Regulatory deadline timers provide color-coded countdown badges so stakeholders see at a glance which submissions are on track. The module supports both the DPIA Dossier Filing to MPS workflow (UC-VN-01) and the Cross-Border Transfer Impact Assessment workflow (UC-VN-07), serving DPOs, department data owners, and cross-border transfer leads.
How It Works
DPIA Management
Create, review, and approve Data Protection Impact Assessments with full lifecycle tracking. Each assessment captures the processing activity, data categories involved, risk identification, and mitigation measures – structured to meet PDPL requirements.
Risk Identification and Mitigation Planning
Structured risk identification with likelihood and impact scoring for each processing activity. Mitigation measures are tracked with responsible parties and deadlines, creating a clear record of how identified risks are being addressed.
Cross-Border Transfer Assessments
Specialized assessments for international data transfers that document the legal mechanism, adequacy status, and safeguard type for each transfer. Cross-border assessments link to the relevant vendor and data flow records for complete traceability.
Multi-Department Section Assignment
Divide dossier sections across departments with individual deadlines and contribution tracking. Each department sees only its assigned sections, completes its work independently, and the DPO monitors consolidated progress across all contributors.
Dossier Filing with Form Selection
Package completed assessments into MPS filing cases using the correct regulatory form template. Phu luc I covers standard DPIA dossiers; Phu luc II covers cross-border transfer assessments. Form selection is linked to the assessment type so the right template is applied automatically.
Full MPS Submission Lifecycle
A ten-state machine manages the complete submission process: draft, preparation, submission, authority review, supplementation request, supplement submission, re-review, acceptance, rejection, and withdrawal. Each state transition is recorded with timestamps and actors.
Gap Dashboard
Identifies processing activities that require a DPIA but do not yet have one. The gap view ensures no high-risk processing activity proceeds without the required impact assessment.
Compare the Difference
Without Assessments
With Assessments
Multi-department dossier sections are coordinated through email with no consolidated progress view.
Multi-department section assignment gives each team its own deadline while the DPO monitors consolidated progress.Filing cases are tracked in spreadsheets with no structured state machine for the submission lifecycle.A ten-state submission lifecycle manages every filing case from draft through acceptance with full audit trail.Supplement requests from MPS are handled ad hoc with no lineage linking them to the original submission.Supplement workflows route authority requests back to the relevant departments within the same filing case.Regulatory deadlines are managed through calendar reminders that may be missed or miscalculated.Color-coded deadline timers show submission urgency at a glance across all active filing cases.Gap analysis requires manual cross-referencing of processing activities against completed assessments.The gap dashboard automatically identifies processing activities that require but lack a completed DPIA.Built for Real Compliance Operations
The DossierFilingService manages the complete MPS submission lifecycle through ten defined states, with each transition recorded, creating an auditable chain from draft through acceptance that satisfies regulatory inspection requirements.
Multi-department section assignment with individual deadlines enables parallel contribution from departments like retail banking, HR, marketing, IT security, and procurement, without the coordination overhead of email-based workflows.
Phu luc I and Phu luc II form selection ensures dossiers use the correct regulatory template as prescribed by Decree 356, reducing the risk of rejection due to formatting non-compliance.
Regulatory Framework Support
Framework
How Assessments Supports It
Vietnam Personal Data Protection LawManages the end-to-end DPIA process and MPS dossier filing lifecycle required for organizations processing sensitive personal data under the PDPL.Decree 356 — PDPL Implementation
Supports official form selection (Phu luc I/II), multi-department section coordination, and the full submission lifecycle including supplement flows as specified by Decree 356.
See Assessments in Action
Ready to see how Assessments works with your compliance workflows? Request a personalized demo.
Tu Pham - Country Manager, AesirX
Head of Risk with 15+ years in fintech and banking across ERM, compliance, fraud, audit, and regulatory frameworks.
People Also Ask
When MPS requests additional information on a submitted dossier, the supplement workflow routes the request back to the relevant departments. Each department updates its sections, and the consolidated supplement is resubmitted within the same filing case, preserving the complete history and lineage.
Yes. Multi-department section assignment divides the dossier into sections with individual deadlines. Each department completes its assigned sections independently. The DPO monitors consolidated progress and can see which departments have completed their work and which are outstanding.
Form selection is linked to the assessment type. Standard DPIAs use Phu luc I; cross-border transfer assessments use Phu luc II. The correct template is applied based on the filing case type so submissions meet the presentation standards prescribed by Decree 356.
The lifecycle tracks a filing case through: draft, preparation, submission, authority review, supplementation request, supplement submission, re-review, acceptance, rejection, and withdrawal. Each state transition is recorded with timestamps and the identity of the actor who triggered it.
Each filing case displays a color-coded countdown badge showing its deadline status – on track, approaching, or at risk. Timers are calculated from the statutory deadlines defined for the filing type and are visible to all stakeholders assigned to the case.
Next Steps
Explore the module architecture, then speak with us about the workflows your organization needs to operationalize first.
Start a Compliance Pilot
Test Assessments with your real processing activities – assessments, filing, and deadline tracking included.
Discuss Your Compliance Needs
Walk through your DPIA and MPS filing requirements and see how the module fits your compliance program.
The evolution of Aesir is Aesir + 
(the Norse symbol for Necessity)"Needed in order to achieve a particular result"
♥Join the AesirX Privacy Newsletter. Stay Informed. Stay Compliant.
