UEH Issues Personal Data Protection Policy, Strengthening Governance and Elevating Security Standards for Stakeholders
05 Mar, 2026
In accordance with the Law on Personal Data Protection No. 91/2025/QH15 and related legal documents, the University of Economics Ho Chi Minh City (UEH) has officially issued its Personal Data Protection Policy under Decision No. 488/QĐ-ĐHKT-BĐCLKSNB, affirming the University's strong commitment to governance and to building a safe, transparent university environment amid the era of comprehensive digital transformation.
A Critical Step in Standardizing Digital University Governance
Personal data is embedded throughout UEH's entire operational system: admissions, training, accreditation, examination, learner/alumni and human resources management, finance, scientific research, domestic and international cooperation, information system operations, event organization, and more.
The Personal Data Protection Policy at UEH represents a necessary strategic step toward elevating governance standards in the direction of transparency, accountability, and people-centeredness, while simultaneously laying the foundation for the UEH community and partners to engage with confidence in the University's processes and digital platforms.
Framework of Principles for Personal Data Protection at UEH
Comprehensive Scope of Application Across the Data Lifecycle
The Policy applies to all personal data processing activities arising in the course of UEH's operations – from collection, storage, and use to provision, sharing, transfer, and deletion or destruction. This end-to-end approach enables UEH to manage data consistently, mitigate risks, and enhance transparency in university operations.
Clear Compliance Responsibilities Within the UEH Ecosystem
Data subjects include individuals whose data is generated at UEH: candidates, learners/alumni, job applicants, officials, employees, partners, experts, guests, and others.
At the same time, UEH's member and affiliated units, officials, employees, partners, suppliers, and third parties engaged through contracts or agreements with UEH all bear compliance responsibilities. This contributes to building a synchronized "security chain," eliminating gaps throughout the data processing cycle.
Transparent Processing Principles, Data Minimization, and Access Control
Personal data processing at UEH is carried out in accordance with the principles of legal compliance, transparency, controlled management, and data security – aligned with each stage of the personal data processing lifecycle. The principle of data minimization is enforced, ensuring that only the data necessary for each stated purpose is collected and processed.
The University is also committed to implementing protective measures such as access authorization, system access control, user account management, access logging, data backup, and other safeguards to prevent unauthorized access, data loss, leakage, or unauthorized modification.
Controlled Sharing and Transfer, Elevated Standards for Partner Collaboration
Data sharing and transfer are carried out on the basis of stated purposes, within the minimum necessary scope, and in compliance with security requirements. UEH also requires data recipients to commit through contracts or agreements to the purpose and scope of processing, confidentiality obligations, prohibition of misuse, and cooperation with the University in incident response.
In addition to deploying technical and organizational measures, UEH conducts periodic risk assessments and establishes plans for incident prevention, control, and response. These measures are integrated into internal processes, technology systems, and personal data compliance awareness training.
Safeguarding Data Subject Rights and Enforcement Support Mechanisms
Data subjects hold important rights, including: the right to be informed; the right to consent, withhold consent, and withdraw consent (except in cases where the law permits processing without consent); the right to access and correct data; the right to request provision, deletion, restriction of processing, or objection to processing; and the right to file complaints, report violations, initiate legal proceedings, and seek compensation when their rights are infringed.
In parallel, UEH designates a focal point – the Department of Quality Assurance and Internal Control – to receive, support, and coordinate the handling of related requests and incidents, ensuring consistent policy enforcement throughout the entire system.
At the same time, data subjects bear the obligation to protect their own data, respect the data of others, provide complete, accurate, and up-to-date personal data, comply with the law, and participate in preventing and combating activities that infringe upon personal data.
View the full Personal Data Protection Policy HERE
The issuance of the Personal Data Protection Policy marks a critical step for UEH in consolidating its digital governance foundation while affirming the University's commitment to building a safe, trustworthy, and transparent university environment for the UEH community and its partners. All UEHers are encouraged to proactively stay informed, comply with, and collaborate in the implementation of this policy, contributing to the wider adoption of UEH's modern governance standards in the digital environment.
News and Image: Department of Communications and Partnerships, Department of Quality Assurance and Internal Control
![[Research Contribution] Modernizing and Elevating Vietnamese Higher Education: Creating Breakthroughs in High-Caliber Human Resource Development and Talent Cultivation, Leading Research and Innovation](/images/upload/thumbnail/ueh-thumbnail-639083193174001549.png)
![[Research Contribution] Sustainable Manufacturing: A Driving Force for the Green Economy and the Challenges Ahead](/images/upload/thumbnail/ueh-thumbnail-639082294182922007.png)
