GDPR · Preparation Kit
GDPR Readiness for Vietnamese Businesses
GDPR preparation materials, from lawful basis assessment, ROPA, to data subject rights workflows. For Vietnamese startups with EU users.
Get pTrackly support →1. Determine applicability and Lawful Basis
- □ Confirm GDPR applies: do you have EU users?
- □ Choose lawful basis per purpose: consent / contract / legitimate interest / legal obligation...
- □ Health, biometric, political data → explicit consent required
- □ Document lawful basis for all processing activities
2. Record of Processing Activities (ROPA)
- □ Mandatory if > 250 employees OR processing sensitive data
- □ Per processing activity: purpose, data categories, recipients, retention, safeguards
- □ Update ROPA when processing activities change
- □ ROPA must be available to provide to DPA upon request
3. Data Subject Rights Workflow
- □ Access Request: provide data within 30 days
- □ Erasure (Right to be Forgotten): delete when no longer lawful basis
- □ Data Portability: export data in machine-readable format
- □ Objection: stop processing when user objects
- □ Build intake form to receive DSRs
4. Data Processing Agreements (DPA)
- □ Sign DPA with all processors (cloud, analytics, email, support...)
- □ Standard Contractual Clauses (SCCs) for transfers outside EU
- □ DPA must include: subject matter, duration, data types, processor obligations
- □ Review vendor's sub-processor list
5. Data Breach Notification
- □ Notify DPA within 72 hours if breach likely impacts individuals' rights
- □ Notify individuals if breach high risk to their rights
- □ Document all breaches regardless of notification requirement
- □ Breach Assessment: likelihood and severity of impact
pTrackly helps you implement GDPR faster with ready-made templates and automated evidence collection.
Get Free DemoReady to get audit-ready?
Book a 15-minute call. See the platform. Decide if it fits.
Book Free Demo 15 min, no commitment No credit card required Setup in 24 hours Cancel anytime