CNPD Guideline on organizational and security measures

Key aspects

• The National Commission for Data Protection (CNPD) approved its first guideline (Guideline) for 2023 on organizational and security measures for personal data processing.

•  The Guideline has been issued in response to increasing attacks on information systems, particularly during 2022,that due to its  magnitude and complexity have impacted personal data.

•  The attacks are mainly due to (i) infrastructural weaknesses; (ii) users not being trained to detect phishing campaigns; and (iii) data controllers’ lack of awareness of the risks to data subjects' rights, caused by the lack of investment in security mechanisms.