Personal Data Protection Regulation in Panama

After a long wait, Panama recently regulated the Personal Data Protection Law (Law 81 of 2019).

By way of Executive Decree 285 of 2021, Panama developed, among other things, the minimum requirements that Data Controllers must comply with when collecting information as well as the conditions under which the consent of the Data Subjects must be obtained.

In addition, Decree 285 created new considerations, such as the obligation to notify Data Subjects in the event of personal data breaches and the option for private companies to have a Data Protection Officer.

Some of the most innovative aspects of Decree 285 include the implementation of the procedures to exercise ARCO Rights, as well as data portability.

Finally, Decree 285 grants regulators of specialized matters (telecommunications, banking, insurance, etc.) a period of 9 months, which expires on February 28, 2022, to establish within their regulations all the protocols, processes and procedures which their regulated subjects must adhere to in order to comply with the precepts of Law 81.

You may access a copy of the Executive Decree at the following link.

For further information on the subject, please contact Beatriz Cabal at becabal@gala.com.pa