English 
Español 
Every 28 January marks International Data Protection Day, a date that invites reflection on the need to safeguard personal information in a world where digital risks are constantly increasing. In Panama, since the enactment of Law 81 of 26 March 2019 (“Law 81”) and its Executive Decree No. 285 of 28 May 2021 (“Executive Decree 285”), the protection of personal data has become an essential pillar for companies, institutions, and professionals who process personal data.
This year, the subject takes on particular relevance with the submission to the National Assembly of Panama of Draft Bill No. 326 of 13 January 2026, which proposes significant amendments to Law 81, strengthening the sanctions regime and improving oversight mechanisms. It is worth noting that this draft bill has already been introduced and is currently in a preliminary discussion phase. It must still undergo three legislative debates, obtain presidential sanction, and be promulgated in the Official Gazette before it can become law.
Among the most relevant amendments proposed in the draft bill are: the increase of fines up to US$100,000.00, the inclusion of processing a minor’s data without consent as a very serious infringement, the calibration of sanctions based on the economic capacity of the offender, and the creation of a Public Register of Offenders, available for three years. These modifications aim to strengthen transparency and promote a responsible culture in the processing of personal data by data controllers.
However, beyond regulatory compliance, experience shows that the key lies in preparedness. When a security incident occurs, decisions must be made quickly, and improvisation can worsen the situation. For this reason, it is essential that organizations have:
- A clear response plan with defined roles.
- An internal support system that enables immediate action (including subject-matter advisors).
- A resilience plan to ensure business continuity.
- Protocols to act and report incidents within the 72-hour period required under current regulations.
- Ongoing training and periodic audits.
On International Data Protection Day, the message is clear: preparedness is the most effective tool to face current challenges. The proposed amendments to Law 81 reflect a more demanding regulatory environment in which transparency, accountability, and proportionality are core elements.
Data protection is not only a legal obligation but also a strategic commitment to preserving the trust, reputation, and continuity of data controllers. An organization that is prepared, resilient, and aware of its responsibilities is better positioned to confront the challenges of an ever‑evolving digital world
For more information on these topics please contact our team:
Kharla Aizpurua O., Partner
Perla Piña, Associate
Arantxa Fernandez, Associate