The application of the GDPR by personal data controllers encounters difficulties in understanding some terms. Among these terms is the term “security incident”, often confused with the term homologous to either the ISO 27001 standard or the NIS Directive. The material highlights that the notion of security incident in the GDPR must be interpreted in a legal sense. It implies the existence of a breach of the right to protection of personal data....