With the implementation of the GDPR, many multinational companies from EU countries with branches or subsidiaries in Panama, and companies established in Panama with European clients, have adjusted their privacy policies in order to comply with GDPR standards.
In line with GDPR standards, Panama enacted Law 81 of 26 March 2019, regulating Personal Data Protection, (‘Law 81’), which will enter into effect on 29 March 2021. Before the enactment of Law 81, there were no specific rules that protected personal data, beyond the general principles contained in the Political Constitution, stating that private mail and documents cannot be examined without the owners’ consent or by virtue of a court order for specific purposes in accordance with the law. Moreover, Panama has not signed any treaty aimed at harmonisation with GDPR standards.
Pursuant to Law 81, holders of personal data have the following inalienable rights, without affecting any other legal rights:
In addition to the above, it is worth noting that Law 81 protects employees’ personal data. As a result, employers may only collect and process confidential employee information with the employee’s consent.
To the best of our knowledge, no Panamanian organisations have been been fined and no complaints have been filed against Panamanian organisations for GDPR data breaches.