Peru Legal Mini-FAQ — Employee Monitoring, Consent, Notice and Proportionality
Wolfeye Editorial Team • Last updated: 22 September 2025

In Peru, employee monitoring on company devices must be transparent, proportionate and tied to a legitimate purpose. Peru’s Personal Data Protection Law (Ley 29733) and its current Regulation require clear privacy notices, purpose limitation, appropriate safeguards and respect for ARCO rights. Register relevant personal-data banks, set short retention periods and document international transfers.
Country snapshot
| Topic | At a glance |
| --- | --- |
| Primary privacy law | Ley 29733, Ley de Protección de Datos Personales. |
| Current Regulation | Reglamento de la Ley 29733 updated in Nov 2024 (DS 016-2024-JUS). |
| Authority | Autoridad Nacional de Protección de Datos Personales (ANPD) under MINJUSDH. |
| Registration | Register personal-data banks in the National Registry (RNPDP) before processing. |
| Telework framework | Ley 31572 and DS 002-2023-TR regulate telework and require written policy. |
Key links: Ley 29733 (official PDF) • Regulation update Nov 29, 2024 (DS 016-2024-JUS) • Register a personal-data bank (RNPDP) • ANPD portal • Telework Regulation DS 002-2023-TR
Mini-FAQ for Peru
Do we need employee consent to monitor company devices?
Peruvian law is consent-centric, but processing can also rely on other legal bases recognized in the Regulation and guidance. For workplace monitoring, provide informed notice at minimum and consider obtaining consent during onboarding. Avoid sensitive-data capture.
Is a privacy notice required?
Yes. Provide a clear notice describing purposes, legal basis, data categories, recipients and transfers, retention, ARCO rights and contact channels. Keep it accessible and reference it in telework policies.
What does proportionality mean?
Use the least intrusive method that achieves a legitimate aim, limit monitoring to work hours, prefer sampling over continuous recording and restrict access to admins.
Must we register our databases?
Yes. Controllers must register personal-data banks with the RNPDP before processing. Keep the registry updated.
Are cross-border transfers allowed?
Yes, with safeguards. Inform data subjects and use approved contractual clauses or transfer mechanisms. Peru issued implementation guidance for international transfers. Avoid transfers to countries lacking adequate protection unless you have appropriate safeguards or consent.
What are ARCO rights and timelines?
ARCO stands for Access, Rectification, Cancellation and Opposition. Provide a request channel, verify identity and respond within legal deadlines. Document outcomes and update or delete data where applicable.
How long can we retain monitoring data?
Only as long as needed for the stated purpose or legal obligation. Adopt a written schedule, set short defaults such as 14 to 30 days for routine monitoring and extend only for incidents.
Can we monitor personal or BYOD devices?
Prefer company devices. If BYOD is permitted, containerize work profiles, limit collection to corporate apps and allow users to disable monitoring off duty.
Does telework law affect monitoring?
Yes. Telework rules require a written policy. Align your monitoring scope, tools, schedules and support channels with that policy and your privacy notice.
Implementation checklist
- Register relevant personal-data banks in the RNPDP.
- Publish an employee privacy notice and a telework policy that reference monitoring scope and tools.
- Limit monitoring to company devices and work apps. Disable monitoring outside work hours.
- Set short retention defaults for screenshots and recordings. Log admin access and exports.
- Map international transfers and use contractual safeguards. Maintain a processor inventory.
- Provide an ARCO request channel and train managers on respectful, lawful monitoring.
Sources and citations
- Ley 29733 official PDF – https://www.leyes.congreso.gob.pe/documentos/leyes/29733.pdf
- Regulation update Nov 2024 – MINJUSDH press note – https://www.gob.pe/institucion/minjus/noticias/1067368-ejecutivo-aprueba-nuevo-reglamento-de-la-ley-de-proteccion-de-datos-personales
- Register a personal-data bank (RNPDP) – https://www.gob.pe/8060-inscribir-banco-de-datos-en-el-registro-nacional-de-proteccion-de-datos-personales
- ANPD portal – https://www.gob.pe/autoridad-nacional-de-proteccion-de-datos-personales
- Telework Law – Ley 31572 – https://www.gob.pe/institucion/congreso-de-la-republica/normas-legales/3460247-31572
- Telework Regulation – DS 002-2023-TR – https://www.gob.pe/institucion/mtpe/normas-legales/3980720-002-2023-tr
- International transfers guidance – https://www.gob.pe/institucion/minjus/noticias/663844-peru-aprueba-guia-de-implementacion-para-la-transferencia-internacional-de-datos-personales-en-linea-con-estandares-internacionales
- Practitioner overview – DLA Piper Peru data protection – https://www.dlapiperdataprotection.com/index.html?c=PE&t=law