Panama’s PDPL

Operationalize PDPL compliance with the most comprehensive PrivacyOps platform

Last Updated on ديسمبر 4, 2023

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

See a demo
Schedule your demo today

Panama’s Personal Data Protection Law (PDPL), also known as Law 81 of 2019, came into effect on March 29, 2021, along with its implementing regulations (PDPL Regulations).

The law establishes several principles, rights, obligations, and procedures that regulate the protection of the personal data of natural persons in the Republic of Panama. The law provides individuals a degree of control over their personal data processed by businesses through different data rights. In addition, it also places critical obligations upon organizations to ensure responsible and appropriate use of the individuals’ personal data.

The National Authority for Transparency and Access to Information (ANTAI) oversees law enforcement. Violations of the PDPL can lead to penalties ranging from one thousand balboas (B/.1,000.00) to ten thousand balboas (B/.10,000.00), depending on the severity of the offense.


The Solution

Securiti empowers all organizations to ensure compliance with each provision of PDPL with the help of its plethora of products, which include, but are not limited to, AI-driven data discovery, DSR automation, universal consent management, autonomous documented accountability, data breach management, and vendor risk assessment.

The solutions mentioned above are backed up by state-of-the-art artificial intelligence and machine-learning-based algorithms, making Securiti a market leader in providing data compliance and governance solutions.

Panama’s PDPL Solutiion

See how our comprehensive PrivacyOps platform helps you comply with various sections of the Panama’s PDPL.

Request a demo today to learn how Securiti can aid your and your organization's compliance with Panama’s Personal Data Protection Law (PDPL).


Assess PDPL Readiness

PPDPL Article 3, PPDPL Article 5, PPDPL Regulations Article 2

Automate the timely internal assessments of all data collection and processing-related activities, mechanisms, and processes to ensure they remain compliant with the law. Appropriate changes can be implemented proactively to address any blind spots adequately.

Panama PDPL Readiness securiti
Panama Map Data Discover Sensitive Personal Information securiti

Map Data to Discover Sensitive Personal Information

PPDPL Article 4(11)

Leverage dedicated data mapping, classification, and cataloging modules to ensure you gain real-time insights related to your organization’s data infrastructure.

Automate Data Classification & Labeling

PPDPL Article 4(6), PPDPL Article 4(7), PPDPL Article 4(8), PPDPL Article 4(9), PPDPL Article 4(10), PPDPL Article 4(11)

Classify & label data without your organization's data infrastructure to ensure appropriate security controls are enabled on the most sensitive data in your organization. Leverage the same module to identify sensitive files such as consent forms and financial statements and record them under appropriate categories.

Panama Automate Data Classification Labeling securiti
Panama Automate Data Subject Rights Requests securiti

Automate Data Subject Rights Requests

PPDPL Article 15, PPDPL Article 16, PPDPL Article 17, PPDPL Article 19

Automate the entire process related to fulfilling consumer data rights requests and gain real-time updates on the status of each request via the central dashboard.

Continuous Monitoring & Tracking

PPDPL Governance

Ensure absolute compliance with the appropriate regulatory requirements via deep insights into all data subjects’ consent statuses via the central dashboard. This allows for any potential processing or transfer of data to occur only per the relevant consent requirements.

Panama Continuous Monitoring Tracking securiti
Panama Automate People Data Graph securiti

Automate People Data Graph

PPDPL Governance

Discover personal information stored across all your internal and external systems within the organization and link them back to a unique data subject. Also, visualize personal data sprawl and identify compliance risks.

Automate Data Protection Impact Assessment (DPIA)

PPDPL Regulations Article 41

Automate the execution of a data protection impact assessment (DPIA) to ensure it is conducted at regular intervals, giving you ample time, data, and insights to take appropriate actions if necessary.

Panama Automate Data Protection Impact Assessment securiti
Panama Manage Vendor Risk securiti

Manage Vendor Risk

PPDPL Article 14, PPDPL Regulations Article 47

Keep track of all the organization's third-party vendors' data processing activities in real-time to ensure their data processing practices in relation to the data shared with them comply with the applicable legal requirements.

Assess Data Protection Measures & Enable Appropriate Security Controls

PPDPL Article 2(5), PPDPL Regulations Article 36

Leverage several data security-oriented products and modules, such as access controls and identity management, to instill appropriate controls to ensure all data with your organization's data infrastructure is always adequately protected.

Panama Assess Data Protection Measures securiti
Panama Automate Records of Processing Activities securiti

Automate Records of Processing Activities (RoPA)

​​PPDPL Regulations Article 35

Track data flows in and out of your organization's data infrastructure, trace this data, and catalog, transfer, and document business process flows internally and to service providers or third parties. These insights can then be used to automate the generation of a record of processing activities (RoPA) to comply with all necessary documentation-related regulatory requirements.

Breach Response Notification

PPDPL Regulations Article 37

Automate data breach response notifications to all concerned stakeholders as soon as legally obliged by leveraging a knowledge database on security incident diagnosis and response.

Panama Breach Response Notification securiti
Panama Privacy Policy Notice Management securiti

Privacy Policy & Notice Management

​​PPDPL Regulations Article 14, PPDPL Regulations Article 15, PPDPL Regulations Article 16

Automate the generation of a privacy policy that adequately informs individuals about your organization's data processing practices while fully complying with all applicable law provisions.

Monitor & Track Consent

PPDPL Article 10, PPDPL Article 11, PPDPL Article 12, PPDPL Article 25

Ensure absolute compliance with the appropriate regulatory requirements via deep insights into all data subjects’ consent statuses via the central dashboard. This allows for any potential processing or transfer of data to occur only per the relevant consent requirements.

Panama Monitor Track Consent securiti
Panama Enable Opt out Mechanisms securiti

Enable Opt-out Mechanisms

​​PPDPL Article 15(4), PPDPL Regulations Article 19

Leverage DSR automation modules to receive and proactively register any data subject opt-out requests and address such requests with global privacy controls (GPC).

Key Rights Under Panama’s PDPL

Right of Access

Data subjects have the right to request access to their personal data that is stored or subject to processing in databases of public or private institutions, in addition to knowing the origin and purpose for which they have been collected.


Right of Rectification

Data subjects have the right to request correction to any personal data collected on them that has since become incorrect, irrelevant, incomplete, outdated, inaccurate, false, or irrelevant.


Right of Cancellation

Data subjects have the right to request the deletion of any personal data that has, since its collection, become incorrect, irrelevant, incomplete, outdated, inaccurate, false, or irrelevant.


Right of Opposition

Data subjects have the right to reject requests related to the collection of their personal data, have them subject to a certain treatment, and revoke their consent to any previous data collection.


Right of Portability

Data subjects have the right to request a copy of their personal data in a structured manner, in a generic and commonly used format, which allows it to be operated by different systems and/or transmitted to another controller.

Facts About PDPL

1

The PDPL may have extra-territorial applications in cases where the data processing is carried out for online commercial activities aimed at the Panamanian market.

2

The National Authority for Transparency and Access to Information (ANTAI), through the Directorate for the Protection of Personal Data, is the primary control authority related to the enforcement of the PDPL.

3

The National Authority for Government Innovation provides secondary support in aspects related to Information and Communication Technologies.

4

Financial penalties for violations of this law can lead to penalties ranging from one thousand balboas (B/.1,000.00) to ten thousand balboas (B/.10,000.00), depending on the severity of the offense.

5

The violations of the PDPL are categorized into three levels of offenses: minor, serious, and very serious.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report

What's
New