GDPR · Preparation Kit

GDPR Readiness for Vietnamese Businesses

GDPR preparation materials, from lawful basis assessment, ROPA, to data subject rights workflows. For Vietnamese startups with EU users.

Get pTrackly support →

1. Determine applicability and Lawful Basis

  • Confirm GDPR applies: do you have EU users?
  • Choose lawful basis per purpose: consent / contract / legitimate interest / legal obligation...
  • Health, biometric, political data → explicit consent required
  • Document lawful basis for all processing activities

2. Record of Processing Activities (ROPA)

  • Mandatory if > 250 employees OR processing sensitive data
  • Per processing activity: purpose, data categories, recipients, retention, safeguards
  • Update ROPA when processing activities change
  • ROPA must be available to provide to DPA upon request

3. Data Subject Rights Workflow

  • Access Request: provide data within 30 days
  • Erasure (Right to be Forgotten): delete when no longer lawful basis
  • Data Portability: export data in machine-readable format
  • Objection: stop processing when user objects
  • Build intake form to receive DSRs

4. Data Processing Agreements (DPA)

  • Sign DPA with all processors (cloud, analytics, email, support...)
  • Standard Contractual Clauses (SCCs) for transfers outside EU
  • DPA must include: subject matter, duration, data types, processor obligations
  • Review vendor's sub-processor list

5. Data Breach Notification

  • Notify DPA within 72 hours if breach likely impacts individuals' rights
  • Notify individuals if breach high risk to their rights
  • Document all breaches regardless of notification requirement
  • Breach Assessment: likelihood and severity of impact

pTrackly helps you implement GDPR faster with ready-made templates and automated evidence collection.

Get Free Demo

Ready to get audit-ready?

Book a 15-minute call. See the platform. Decide if it fits.

Book Free Demo 15 min, no commitment
No credit card required Setup in 24 hours Cancel anytime
Book a Demo