“The present guide to treatment practices is addressed and small: “This guide to practices is addressed to small treatment that, sometimes, does not have among its staff, people specialized in security and information and often to agents of their size and small size who occasionally improve it in relation to the processing of personal data, pursuant to articles 46, 47, 48 and 49 of the LGPD”.

The ANPD also presents a checklist, the first material published in this format, with administrative and technical information security measures to contribute to the organization of small-scale treatment agents.

As basic administrative measures for information security, the ANPD indicated the need to (i) prepare an Information Security Policy; (ii) Awareness and Training; and (iii) Contract Management.

As for technical measures, (i) access control; (ii) security of stored personal data; (iii) communications security; (iv) maintenance of a vulnerability management program; (v) measures related to the use of mobile devices; and (vi) measures related to the cloud service.