Data Protection in The Workplace

In Panam√°, the Data Protection Law (Law No.81 of March 26, 2019) is coming into effect on March 29, 2021, affecting employers’ workplaces with new responsibilities.

As an employer, you must:

  1. Be aware of the information gathered from the employees;
  2. Classify this information in Personal Information and Sensitive Information;
  3. Determining the reason why the employer collected such information from the employees;
  4. Be transparent with employees about such grounds and the purpose and objective of the employees’ data collection;
  5. Be careful in gathering the data that is necessary for the labor relationship;
  6. Keep employee’s data updated;
  7. Implementing suitable procedures and creating or updating internal body of rules to include Data Protection regulations;
  8. Preventing employees from avoiding inappropriate use and management of the employee’s data.
  9. Make sure that employees are aware of the sanctions related to the improper use of employer’s data.



Teleworking Law No. 126, of February 18, 2020, ruled by Executive Decree No.133 of September 16, 2020, includes obligations to the workplace relationship parties.


  1. Inform the teleworker of the internal policies and regulations on the protection of data used and processed by the teleworker for professional purposes, following current legislation on this matter.
  2. Inform teleworker about restrictions on the use of computer equipment or tools, as well as sanctions that could apply if the limits are not respected.
  3. Inform the teleworker of the placement of any control system. This system will be proportional to the objective that seeks to be protected, and it can never be mechanisms that violate the personal or family privacy of the teleworker or third parties.
  4. Provide, install and maintain the equipment necessary for the job, and provide the technical support service that this equipment requires.


  1. Please comply with data protection regulations and restrictions according to the Law and relate to the information it handles under its functions.
  2. Preserve and safeguard with due diligence the equipment, computer tools, and programs safely provided by the employer and not allow third-parties not authorized by the employer.
  3. Immediately notify the employer of any loss, theft, theft, or improper use of the equipment and programs in the manner provided for in the company’s internal regulations.



  • Employer:

On the part of the employer, he/she could face complaints before the National Authority for Transparency and Access to Information and even before the Civil Jurisdiction for damages, as this is a right enshrined in a Data Protection law.

  • Employee:

According to what the employer has determined in its internal regulations, the consequences will be that you may be subject to reprimands or sanctions such as suspension of your work.



  • In the workplace, my recommendation is that all employers take note of the new provisions and proceed with updating their internal work regulations or internal policies if they do not have rules, and at the same time that they train their staff in this regard, informing employees about new provisions and the possible penalties that may lead non-compliance.
  • I strongly recommend entering into confidentiality agreements that bind employees to keep sensitive, confidential, and personal data of the employers and company.

Lourdes Bishop


Related practices