The Parliamentary Advisory Council on Science and Technology (CAPCIT) with the aim of making a report on cyber security and privacy for the Parliament of Catalonia has produced a report that does not intend to provide exhaustive information from an analytical point of view of the different types of attacks and mechanisms to protect us, but rather it tries to offer an overview that does not require specific training in the field of IT engineering. The document is structured in two large sections: the first corresponding to cyber security and the second addressed to privacy. Subsequently, a best practice guide and conclusions are included. The cyber security section classifies the most common types of attacks (social engineering, application vulnerabilities, APTs, ransomware), indicating their features, impact and mechanisms for mitigating these attacks. At the request of the petitioner, information on the Pegasus attack has also been added. The privacy section begins by classifying data according to its sensitivity, and introduces the technologies used to protect privacy in a simple way. Subsequently, an indication has been given as to which of these technologies are to be used in the different stages of the information life cycle. Finally, the report indicates which laws allow us to regulate privacy in our environment.