• Insights

Panama – The impact of the GDPR outside the EU

Panama’s Law 81 regulates personal data protection in line with GDPR standards, creating inalienable rights for data subjects.

With the implementation of the GDPR, many multinational companies from EU countries with branches or subsidiaries in Panama, and companies established in Panama with European clients, have adjusted their privacy policies in order to comply with GDPR standards.

In line with GDPR standards, Panama enacted Law 81 of 26 March 2019, regulating Personal Data Protection, (‘Law 81’), which will enter into effect on 29 March 2021. Before the enactment of Law 81, there were no specific rules that protected personal data, beyond the general principles contained in the Political Constitution, stating that private mail and documents cannot be examined without the owners’ consent or by virtue of a court order for specific purposes in accordance with the law. Moreover, Panama has not signed any treaty aimed at harmonisation with GDPR standards.

Pursuant to Law 81, holders of personal data have the following inalienable rights, without affecting any other legal rights:

  • the right to obtain his or her personal data stored or processed in a public or private institution database;
  • the right to request the correction of personal data that is incorrect, incomplete, irrelevant, outdated, inaccurate, false or impertinent;
  • the right to request the elimination of personal data that is incorrect, incomplete, irrelevant, outdated, inaccurate, false or impertinent;
  • the right, with sound and legitimate reasons related to a particular situation, to refuse to provide personal data or to permit that data be subject to certain treatment, as well as the right to revoke consent; and
  • the right to obtain a copy of personal data in a structured manner in a generic format  use, that permits that the data can be operated by different systems and/or transmitted to another responsible party.


In addition to the above, it is worth noting that Law 81 protects employees’ personal data.  As a result, employers may only collect and process confidential employee information with the employee’s consent.

To the best of our knowledge, no Panamanian organisations have been been fined and no complaints have been filed against Panamanian organisations for GDPR data breaches.