This document outlines security measures for personal data protection. It details three levels of security (high, medium, basic) and corresponding measures for identification, access control, filing, network access, off-site work, backups and more. It also covers procedures for staff training, incident response, audits, and consequences for breaching security. Annexes include file descriptions, authorized personnel, storage media inventories and other aspects of enforcing the security policy.