On March 25th, Rabiloo successfully hosted the webinar "Personal Data in the Context of Digital Transformation." Featuring experts in law, IT operations, and project management, the event drew significant attention from businesses looking for a practical way to manage and protect personal data in today’s digital landscape.
A Multi-Dimensional View: From Legal Compliance to Practical Execution
In the race to go digital, companies have many paths to build their tech systems. But regardless of the model, the core requirements remain the same: scalability, efficient data management, and long-term stability.
With the Personal Data Protection Law (No. 91/2025/QH15) and Decree No. 356/2025/NĐ-CP officially taking effect on January 1, 2026, handling personal data is no longer just a technical challenge—it’s a critical compliance hurdle that every business must clear.
The webinar featured experts from diverse professional backgrounds, each bringing a unique perspective to create a more comprehensive picture of the personal data challenge within businesses.
Personal Data: A Legal Perspective and Systems Implementation
This webinar was organized to provide businesses with a comprehensive, "360-degree" view of personal data in the digital age. It wasn't just about interpreting the law; it was about how those regulations actually live and breathe within system deployment, infrastructure, and software development.
During the session, Rabiloo’s experts broke down current legal requirements, pointed out common pitfalls in tech deployment, and highlighted what businesses need to watch out for when building operational platforms that are "compliant by design."
Speaking at the event, Ms. Chu Thi Thu Ha - Head of Legal - stressed that data protection shouldn't be treated as a standalone "to-do" list. Instead, it must be woven into the very fabric of how a company collects, stores, and uses data every day.
"Compliance isn't just about what's written in your internal policies; it has to show up in the way you actually design your processes and run your systems," she noted.
Ms. Chu Thi Thu Ha - Head of Legal at Rabiloo - shared insights on personal data from a legal perspective
From this perspective, the data protection puzzle moves beyond just having "internal rules." It opens up much bigger questions: Where is our data actually sitting? Which systems is it passing through? Who has the keys? And most importantly - how is all of that being monitored in real-time? This practical shift set the stage for the next deep dive into infrastructure and technical processing.
How is Personal Data Stored and Processed Within the Infrastructure?
Moving from legal theory to technical reality, Mr. Duong Duc Trung - Deputy Head of Engineering - took the stage to clarify how personal data actually "lives" and moves through a company’s data infrastructure.
From a technical standpoint, Mr. Trung pointed out that data risks don't just happen in a vacuum. Instead, they can surface at any point in the information processing lifecycle - from storage and access control to system integration and data utilization.
"When data flows through multiple systems, departments, and access points, the challenge is no longer just 'where' we store it, but 'how' we control access, processing, and protection throughout its journey," he shared.
Mr. Duong Duc Trung - Deputy Head of Engineering at Rabiloo - shared insights on data control, storage, and protection within infrastructure systems
In practice, personal data often sits across various layers: on-premise servers, cloud systems, business software, integration platforms, and operational tools. When data is scattered like this, management can't just focus on a single storage point; it becomes a matter of governing the entire data flow across the system.
This becomes even more critical for businesses using offshore infrastructure (outside Vietnam) or connecting data across various platforms. In these cases, the bar for control is raised significantly. Businesses need to look beyond the location of the data and ask: Who is accessing it? To whom is it being shared? And what mechanisms are in place to keep it secure throughout its entire stay in the system?
From an infrastructure perspective, data protection isn't just an "add-on" feature at the end. It must be baked into the system's design from the very start. And as we look deeper into how these systems are built, the role of the software development team becomes the next crucial piece of the puzzle.
Personal Data Through the Lens of a Project Manager
When it comes to product execution, Ms. Ta Thi Nguyet - Project Manager - offered insights from the front lines of software development. She argued that data protection must be addressed during the discovery and system design phases, rather than being treated as a "final touch-up" before launch.
Ms. Ta Thi Nguyet - Project Manager at Rabiloo - emphasized that data protection should be prioritized from the early stages of software development
According to her, “If data protection is treated as an add-on after the system is built, businesses will face significant challenges in managing risks, along with much higher costs for later fixes.”
This means that from the very moment requirements are gathered, the development team needs to be crystal clear on:
What data is being collected?
For what specific purpose?
Who has the right to access it?
How long will it be stored?
What mechanisms are needed to support data control and protection in daily operations?
From a PM’s perspective, protecting personal data isn't just a compliance "tick-box"; it’s a fundamental part of product design thinking and risk management throughout the Software Development Life Cycle (SDLC). When these requirements are set correctly from day one, businesses can build systems that are not only high-performing but also secure and manageable in the long run.
Rabiloo continues to empower businesses in their data and digital transformation journey
To wrap up the session, Mr. Nguyen Xuan Tien - COO of Rabiloo - shared a real-world case study from one of Rabiloo’s recent projects. This provided a clear roadmap of how data protection requirements are practically integrated into both system building and daily operations. His presentation helped attendees connect the dots between legal mandates, technical solutions, and internal processes. He emphasized that personal data protection must be viewed as a core pillar of a company’s sustainable operational strategy.
Mr. Nguyen Xuan Tien - COO of Rabiloo shared a practical case study, offering attendees a clearer view of how personal data is protected in real-world business environments
Through this webinar, Rabiloo aimed to provide businesses with practical, operational insights for their digital transformation journey - especially regarding data management and protection, a topic that is becoming increasingly vital for long-term growth.
Rabiloo would like to extend our heartfelt thanks to the speakers, guests, and all attendees for joining us. Your active engagement and real-world discussions are what drive Rabiloo to continue organizing professional sharing events. We look forward to partnering with you on the journey to build secure, efficient, and sustainable technology systems.
