Assistance to the Data Controller Sample Clauses
Assistance to the Data Controller. 1. Taking into account the nature of the processing, the Data Processor assists the Data Controller by appropriate technical and organisational measures, insofar as this is possible, in the fulfilment of the Data Controller’s obligations to respond to requests for exercising the Data Subject’s rights laid down in Chapter III GDPR.
2. This entails that the Data Processor should, insofar as this is possible, assist the Data Controller in the Data Controller’s compliance with:
a. the right to be informed when collecting personal data from the Data Subject
b. the right to be informed when personal data have not been obtained from the Data Subject
c. the right of access by the Data Subject
d. the right to rectification
e. the right to erasure (‘the right to be forgotten’)
f. the right to restriction of processing
g. notification obligation regarding rectification or erasure of personal data or restriction of pro- cessing
h. the right to data portability
i. the right to object j. the right not to be subject to a decision based solely on automated processing, including profiling
3. In addition to the Data Processor’s obligation to assist the Data Controller pursuant to Term 6.4, the Data Processor should furthermore, taking into account the nature of the processing and the infor- mation available to the Data Processor, assist the Data Controller in ensuring compliance with:
a. the Data Controller’s obligation to without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the competent supervisory authority (‘The Danish Data Protection Agency’), unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons;
b. the Data Controller’s obligation to without undue delay communicate the personal data breach to the Data Subject, when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons;
c. the Data Controller’s obligation to carry out an assessment of the impact of the envisaged processing operations on the protection of personal data (a data protection impact assess- ment);
d. the Data Controller’s obligation to consult the competent supervisory authority, the Danish Data Protection Agency, prior to processing where a data protection impact assessment in- dicates that the processing would result in a high risk in the absence of measures taken by the Data Controller to mitigate the risk.
4. The appro...
Assistance to the Data Controller. 1. Taking into account the nature of the processing, the Data Processor shall assist the Data Controller by appropriate technical and organisational measures, insofar as this is possible, in the fulfilment of the Data Controller’s obligations to respond to requests for exercising the data subject’s rights laid down in Chapter III GDPR. This entails that the Data Processor shall, insofar as this is possible, assist the Data Controller in the Data Controller’s compliance with:
a. the right to be informed when collecting personal data from the data subject
b. the right to be informed when personal data have not been obtained from the data subject c. the right of access by the data subject
Assistance to the Data Controller. 9.1. Taking into account the nature of the processing, the data processor shall assist the data controller by appropriate technical and organisational measures, insofar as this is possible, in the fulfilment of the data controller’s obligations to respond to requests for exercising the data subject’s rights laid down in Chapter III GDPR.
9.2. In addition to the data processor’s obligation to assist the data controller pursuant to Clause 6.3 above., the data processor shall furthermore, taking into account the nature of the processing and the information available to the data processor, assist the data controller in ensuring compliance with:
a. The data controller’s obligation to without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the competent supervisory authority, being the Information Commissioner’s Office (ICO). This shall apply unless the personal data breach does not result in impact upon the data subject equal to and beyond that which is prescribed by the risk rating guidance for subject notification in the Data Processors Data Breach Policy.
b. the data controller’s obligation to without undue delay communicate the personal data breach to the data subject, when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons;
c. the data controller’s obligation to carry out an assessment of the impact of the envisaged processing operations on the protection of personal data (a data protection impact assessment);
d. the data controller’s obligation to consult the competent supervisory authority, prior to processing where a data protection impact assessment indicates that the processing would result in a high risk in the absence of measures taken by the data controller to mitigate the risk.
9.3. The data processor shall assist the controller in meeting its obligations in clauses 9.1. and 9.2. above by:
a. keeping personal data secure;
b. notifying personal data breaches to the supervisory authority;
c. notifying personal data breaches to data subjects;
d. carrying out data protection impact assessments (DPIAs) when required; and
e. consulting the supervisory authority where a DPIA indicates there is a high risk that cannot be mitigated.
Assistance to the Data Controller. The Data Processor shall provide assistance so that the Data Controller can safeguard its own responsibility according to applicable laws and regulations, including assisting the Data Controller by: • Implementing technical and organizational measures as mentioned previously • Complying with reporting obligations to supervisory authorities and registered persons in the case of any deviations • Performing privacy impact assessments • Engaging in early discussions with supervisory authorities when an assessment of privacy implications makes it necessary • Informing the Data Controller if the Data Processor considers that an instruction from Data Controller is in violation of relevant privacy policies. Assistance as mentioned above shall be performed to the extent required by the Data Controller's need, the nature of the processing and the information available to Data Processor, cf. Regulation Article 28 (3) (f).
Assistance to the Data Controller. 3.1 The Data Processor shall insofar as this is possible – within the scope and the extent of the assistance specified below – assist the Data Controller in accordance with Clause 9.1 and 9.2 by implementing the following technical and organisational measures:
3.1.1 If the Data Controller receives a request for the exercise of one of the rights of the data subjects in accordance with applicable data protection law, and a proper reply to the request requires assistance from the Data Processor, the Data Processor shall assist the Data Controller with the necessary and relevant information and documentation as well as appropriate technical and organizational security measures.
3.1.2 If the Data Controller needs the Data Processor’s assistance in order to reply to a request from a data subject, the Data Controller must send a written requst for assistance to the Data Processor and the Data Processor shall in response provide the necessary help or documentation as soon as possible and no later than 7 calendar days after receiving the request.
3.1.3 If the Data Processor receives a request for the exercise of the rights pursuant to applicable data protection law from other persons than the Data Controller, and the request concerns personal data processed on behalf of the Data Controller, the Data Processor shall without undue delay forward the request to the Data Controller.
Assistance to the Data Controller. (a) The processor shall inform the data controller without delay of any request he has received from the data subject. He shall not himself comply with such a request, unless authorized to do so by the data controller.
(b) The processor shall assist the controller in fulfilling its obligation to respond to requests from data subjects to exercise their rights, taking into account the nature of the processing. In fulfilling its obligations under points (a) and (b), the processor complies with the controller's instructions.
(c) In addition to the processor's obligation to assist the controller under clause 8(b), the processor shall also assist the controller in ensuring compliance with the following obligations, considering the nature of the processing and the information available to the processor:
(1) the obligation to carry out an assessment of the impact of proposed processing operations on the protection of personal data ("data protection impact assessment") when a type of processing is likely to present a high risk to the rights and freedoms of natural persons;
(2) the obligation to consult the competent supervisory authority(ies) prior to processing where a data protection impact assessment indicates that the processing would present a high risk if the controller did not take steps to mitigate the risk;
(3) the obligation to ensure that personal data is accurate and up to date, by informing the controller without delay if the processor becomes aware that the personal data it is processing is inaccurate or has become obsolete.
(4) the obligations set out in Article 32 of Regulation (EU) 2016/679.
Assistance to the Data Controller. 1. The Data Processor, taking into account the nature of the processing, shall, as far as possi- ble, assist the Data Controller with appropriate technical and organisational measures, in the fulfilment of the Data Controller’s obligations to respond to requests for the exercise of the data subjects’ rights pursuant to Chapter 3 of the General Data Protection Regula- tion. This entails that the Data Processor should as far as possible assist the Data Controller in the Data Controller’s compliance with:
a. notification obligation when collecting personal data from the data subject
b. notification obligation if personal data have not been obtained from the data sub- ject
c. right of access by the data subject
d. the right to rectification e. the right to erasure (‘the right to be forgotten’)
f. the right to restrict processing
g. notification obligation regarding rectification or erasure of personal data or re- striction of processing
h. the right to data portability i. the right to object j. the right to object to the result of automated individual decision-making, including profiling
2. The Data Processor shall assist the Data Controller in ensuring compliance with the Data Controller’s obligations pursuant to Articles 32-36 of the General Data Protection Regu- lation taking into account the nature of the processing and the data made available to the Data Processor, cf. Article 28, sub-section 3, para f.
a. the obligation to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk associated with the processing
b. the obligation to report personal data breaches to the supervisory authority (Xxx- ish Data Protection Agency) without undue delay and, if possible, within 72 hours of the Data Controller discovering such breach unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons
c. the obligation – without undue delay - to communicate the personal data breach to the data subject when such breach is likely to result in a high risk to the rights and freedoms of natural persons
d. the obligation to carry out a data protection impact assessment if a type of pro- cessing is likely to result in a high risk to the rights and freedoms of natural persons e. the obligation to consult with the supervisory authority (Danish Data Protection Agency) prior to processing if a data protection impact assessment shows that the processing will lead to high risk in the ...
Assistance to the Data Controller. The data processor shall insofar as this is possible – within the scope and the extent of the assistance specified below – assist the data controller in accordance with Clause 8.1. and 8.2. by implementing the following technical and organizational measures: In general, the data controller may accommodate data subject requests in the data processor’s platform directly without the assistance from the data processor. Should the assistance from the data processor be required then the data controller must compensate the data processor for any time spent on this in accordance with the data processor’s current hourly rate for IT support.
Assistance to the Data Controller. 7.1 The Data Processor agrees to provide reasonable and timely assistance to Data Controller to enable Data Controller to respond to: (a) any request from a Data Subject to exercise any of its rights under the applicable Data Protection Laws (including its rights of access, correction, objection, and erasure, as applicable); and (b) any other correspondence, inquiry or complaint received from a Data Subject, regulator, or authorized third party in connection with the processing of the Personal Data. If any such request, correspondence, inquiry, or complaint is made directly to Data Processor, Data Processor shall promptly inform Data Controller and provide full details of the same.
7.2 The Data Processor will reasonably cooperate with Data Controller to enable Data Controller to conduct any data protection impact assessment that it is required to undertake under applicable Data Protection Laws.
Assistance to the Data Controller.
6.1 When requested, the Data Processor shall assist the Data Controller with the fulfilment of the rights of the data subjects under Chapter III of the GDPR through appropriate technical or organisational measures. The obligation to assist the Data Controller solely applies insofar as this is possible and appropriate, taking into consideration the nature and extent of the processing of personal data under the Main Agreement.
6.2 Without undue delay, the Data Processor shall forward all enquiries that the Data Processor may receive from the data subject concerning the rights of said data subject under the Applicable Privacy Policy to the Data Controller. Such enquiries may only be answered by the Data Processor when this has been approved in writing by the Data Controller.
6.3 The Data Processor must assist the Data Controller in ensuring compliance with the obligations pursuant to Articles 32-36 of GDPR, including providing assistance with personal data impact assessments and prior consultations with the Norwegian Data Protection Authority, in view of the nature and extent of the processing of personal data under the Main Agreement.
6.4 If the Data Processor, at the request of the Data Controller, provides assistance as described in sections 6.1 or 6.3, and the assistance goes beyond what is necessary for the Data Processor to fulfil its own obligations under the Applicable Privacy Policy, the Data Processor may claim all documented costs related to the assistance be reimbursed. The assistance will be reimbursed in accordance with the price provisions of the Main Agreement.