Information system security remains a major challenge for all companies. But it’s important not to ignore the basics, like the vocabulary of digital law, or the tasks required of the data controller under GDPR. It is important to ensure awareness of security and cybersecurity, acquisition of GDPR-related legal knowledge, and how to interact with the data protection authority.