Answers / Vietnam market

What does Vietnam's Personal Data Protection Decree (PDPD) mean for F&B loyalty programs?

Written by PEKO Team.Last updated: 2026/05/21.

PDPD (Decree 13/2023) requires Vietnamese F&B operators to obtain explicit consent before processing personal data, notify the Ministry of Public Security for sensitive data, and honour deletion within set windows. Loyalty platforms must surface compliant consent flows by default.

Published: 2026/05/09

Decree 13/2023, effective July 2023, is Vietnam's first comprehensive data-protection regime. For F&B loyalty programs, the practical impact is similar to GDPR: explicit consent before processing, granular purpose limitation, and customer right to access and deletion.

Two PDPD-specific things F&B operators should know: (1) cross-border transfers (e.g. running loyalty data through a server outside Vietnam) require an impact assessment filed with the Ministry of Public Security, (2) sensitive data (health, biometrics) gets stricter handling — most F&B programs don't touch sensitive data, which keeps compliance simple.

FAQ

Does PDPD apply to a 1-location café?

Yes — PDPD applies to any organisation processing personal data of Vietnamese citizens, regardless of size. The compliance burden scales with volume.

Can I use a non-Vietnamese loyalty platform?

Yes, but cross-border transfer requires an impact assessment. PEKO operates with Vietnam-resident data hosting to remove this requirement entirely.

Calculate your PEKO ROI →

What does Vietnam's Personal Data Protection Decree (PDPD) mean for F&B loyalty programs?

FAQ

Does PDPD apply to a 1-location café?

Can I use a non-Vietnamese loyalty platform?

Related

People also read

What is the best loyalty program for cafés in Vietnam?

Zalo OA vs SMS vs email for restaurant marketing in Vietnam — which wins?

AOV trung bình ở quán F&B Việt Nam là bao nhiêu?