Assistance to the Data Controller. 1. Taking into account the nature of the processing, the Data Processor shall assist the Data Controller by appropriate technical and organisational measures, insofar as this is possible, in the fulfilment of the Data Controller’s obligations to respond to requests for exercising the data subject’s rights laid down in Chapter III GDPR. This entails that the Data Processor shall, insofar as this is possible, assist the Data Controller in the Data Controller’s compliance with:
a. the right to be informed when collecting personal data from the data subject
b. the right to be informed when personal data have not been obtained from the data subject c. the right of access by the data subject
Assistance to the Data Controller. 1. Taking into account the nature of the processing, the Data Processor assists the Data Controller by appropriate technical and organisational measures, insofar as this is possible, in the fulfilment of the Data Controller’s obligations to respond to requests for exercising the Data Subject’s rights laid down in Chapter III GDPR.
2. This entails that the Data Processor should, insofar as this is possible, assist the Data Controller in the Data Controller’s compliance with:
a. the right to be informed when collecting personal data from the Data Subject
b. the right to be informed when personal data have not been obtained from the Data Subject
c. the right of access by the Data Subject
d. the right to rectification
e. the right to erasure (‘the right to be forgotten’)
f. the right to restriction of processing
g. notification obligation regarding rectification or erasure of personal data or restriction of pro- cessing
h. the right to data portability
i. the right to object j. the right not to be subject to a decision based solely on automated processing, including profiling
3. In addition to the Data Processor’s obligation to assist the Data Controller pursuant to Term 6.4, the Data Processor should furthermore, taking into account the nature of the processing and the infor- mation available to the Data Processor, assist the Data Controller in ensuring compliance with:
a. the Data Controller’s obligation to without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the competent supervisory authority (‘The Danish Data Protection Agency’), unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons;
b. the Data Controller’s obligation to without undue delay communicate the personal data breach to the Data Subject, when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons;
c. the Data Controller’s obligation to carry out an assessment of the impact of the envisaged processing operations on the protection of personal data (a data protection impact assess- ment);
d. the Data Controller’s obligation to consult the competent supervisory authority, the Danish Data Protection Agency, prior to processing where a data protection impact assessment in- dicates that the processing would result in a high risk in the absence of measures taken by the Data Controller to mitigate the risk.
4. The appro...
Assistance to the Data Controller. 1. Taking into account the nature of the processing, the data processor shall assist the data controller as far as possible by appropriate technical and organisational measures in compliance with the data controller's obligation to respond to requests for the exercise of data subjects' rights as set out in Chapter III of the General Data Protection Regulation. This means that, to the extent possible, the data processor must assist the data controller in complying with:
a. the duty to inform the data subject when personal data is collected from the data subject;
b. the duty to inform the data subject if personal data has not been obtained from the data subject;
c. the right of access;
d. the right of rectification;
e. the right of erasure ("the right to be forgotten");
f. the right to restriction of processing;
g. the duty to inform in connection with the correction or deletion of personal data or restriction of processing;
h. the right to data portability;
i. the right to object;
j. the right not to be the subject of a decision based solely on automatic processing, including profiling
2. Taking into account the nature of the processing and the information available to the data processor, the data processor shall also assist the data controller with the following:
a. the obligation of the data controller to report the breach of personal data security to the competent supervisory authority, the X, without undue delay and, if possible, no later than 72 hours after the breach, unless it is unlikely that the breach of personal data security poses a risk to natural persons' rights or freedoms
b. the obligation of the data controller to notify the data subject of a breach of personal data security without undue delay when the breach is likely to entail a high risk to the rights and freedoms of natural persons
c. the obligation of the data controller to carry out an analysis of the consequences of the intended processing activities for the protection of personal data prior to processing (impact assessment)
d. the data controller's obligation to consult the competent supervisory authority, the X, before processing if an impact analysis regarding data protection shows that the processing will lead to a high risk in the absence of measures taken by the data controller to limit said risk.
3. The Parties shall set out in Annex C the necessary technical and organisational measures with which the data processor is to assist the data controller, as well as the extent of t...
Assistance to the Data Controller. 3.1 The Data Processor shall insofar as this is possible – within the scope and the extent of the assistance specified below – assist the Data Controller in accordance with Clause 9.1 and 9.2 by implementing the following technical and organisational measures:
3.1.1 If the Data Controller receives a request for the exercise of one of the rights of the data subjects in accordance with applicable data protection law, and a proper reply to the request requires assistance from the Data Processor, the Data Processor shall assist the Data Controller with the necessary and relevant information and documentation as well as appropriate technical and organizational security measures.
3.1.2 If the Data Controller needs the Data Processor’s assistance in order to reply to a request from a data subject, the Data Controller must send a written requst for assistance to the Data Processor and the Data Processor shall in response provide the necessary help or documentation as soon as possible and no later than 7 calendar days after receiving the request.
3.1.3 If the Data Processor receives a request for the exercise of the rights pursuant to applicable data protection law from other persons than the Data Controller, and the request concerns personal data processed on behalf of the Data Controller, the Data Processor shall without undue delay forward the request to the Data Controller.
Assistance to the Data Controller. The Data Processor shall provide assistance so that the Data Controller can safeguard its own responsibility according to applicable laws and regulations, including assisting the Data Controller by: • Implementing technical and organizational measures as mentioned previously • Complying with reporting obligations to supervisory authorities and registered persons in the case of any deviations • Performing privacy impact assessments • Engaging in early discussions with supervisory authorities when an assessment of privacy implications makes it necessary • Informing the Data Controller if the Data Processor considers that an instruction from Data Controller is in violation of relevant privacy policies. Assistance as mentioned above shall be performed to the extent required by the Data Controller's need, the nature of the processing and the information available to Data Processor, cf. Regulation Article 28 (3) (f).
Assistance to the Data Controller. 7.1 The Data Processor agrees to provide reasonable and timely assistance to Data Controller to enable Data Controller to respond to: (a) any request from a Data Subject to exercise any of its rights under the applicable Data Protection Laws (including its rights of access, correction, objection, and erasure, as applicable); and (b) any other correspondence, inquiry or complaint received from a Data Subject, regulator, or authorized third party in connection with the processing of the Personal Data. If any such request, correspondence, inquiry, or complaint is made directly to Data Processor, Data Processor shall promptly inform Data Controller and provide full details of the same.
7.2 The Data Processor will reasonably cooperate with Data Controller to enable Data Controller to conduct any data protection impact assessment that it is required to undertake under applicable Data Protection Laws.
Assistance to the Data Controller. The data processor shall insofar as this is possible – within the scope and the extent of the assistance specified below – assist the data controller in accordance with Clause 8.1. and 8.2. by implementing the following technical and organizational measures: In general, the data controller may accommodate data subject requests in the data processor’s platform directly without the assistance from the data processor. Should the assistance from the data processor be required then the data controller must compensate the data processor for any time spent on this in accordance with the data processor’s current hourly rate for IT support.
Assistance to the Data Controller. 1. The Data Processor, taking into account the nature of the processing, shall, as far as possi- ble, assist the Data Controller with appropriate technical and organisational measures, in the fulfilment of the Data Controller’s obligations to respond to requests for the exercise of the data subjects’ rights pursuant to Chapter 3 of the General Data Protection Regula- tion. This entails that the Data Processor should as far as possible assist the Data Controller in the Data Controller’s compliance with:
a. notification obligation when collecting personal data from the data subject
b. notification obligation if personal data have not been obtained from the data sub- ject
c. right of access by the data subject
d. the right to rectification e. the right to erasure (‘the right to be forgotten’)
f. the right to restrict processing
g. notification obligation regarding rectification or erasure of personal data or re- striction of processing
h. the right to data portability i. the right to object j. the right to object to the result of automated individual decision-making, including profiling
2. The Data Processor shall assist the Data Controller in ensuring compliance with the Data Controller’s obligations pursuant to Articles 32-36 of the General Data Protection Regu- lation taking into account the nature of the processing and the data made available to the Data Processor, cf. Article 28, sub-section 3, para f.
a. the obligation to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk associated with the processing
b. the obligation to report personal data breaches to the supervisory authority (Xxx- ish Data Protection Agency) without undue delay and, if possible, within 72 hours of the Data Controller discovering such breach unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons
c. the obligation – without undue delay - to communicate the personal data breach to the data subject when such breach is likely to result in a high risk to the rights and freedoms of natural persons
d. the obligation to carry out a data protection impact assessment if a type of pro- cessing is likely to result in a high risk to the rights and freedoms of natural persons e. the obligation to consult with the supervisory authority (Danish Data Protection Agency) prior to processing if a data protection impact assessment shows that the processing will lead to high risk in the ...
Assistance to the Data Controller.
6.1 When requested, the Data Processor shall assist the Data Controller with the fulfilment of the rights of the data subjects under Chapter III of the GDPR through appropriate technical or organisational measures. The obligation to assist the Data Controller solely applies insofar as this is possible and appropriate, taking into consideration the nature and extent of the processing of personal data under the Main Agreement.
6.2 Without undue delay, the Data Processor shall forward all enquiries that the Data Processor may receive from the data subject concerning the rights of said data subject under the Applicable Privacy Policy to the Data Controller. Such enquiries may only be answered by the Data Processor when this has been approved in writing by the Data Controller.
6.3 The Data Processor must assist the Data Controller in ensuring compliance with the obligations pursuant to Articles 32-36 of GDPR, including providing assistance with personal data impact assessments and prior consultations with the Norwegian Data Protection Authority, in view of the nature and extent of the processing of personal data under the Main Agreement.
6.4 If the Data Processor, at the request of the Data Controller, provides assistance as described in sections 6.1 or 6.3, and the assistance goes beyond what is necessary for the Data Processor to fulfil its own obligations under the Applicable Privacy Policy, the Data Processor may claim all documented costs related to the assistance be reimbursed. The assistance will be reimbursed in accordance with the price provisions of the Main Agreement.
Assistance to the Data Controller. 1. The Data Processor, taking into account the nature of the processing, shall, as far as possible, assist the Data Controller with appropriate technical and organisational measures, in the fulfilment of the Data Controller’s obligations to respond to requests for the exercise of the data subjects’ rights pursuant to Chapter 3 of the General Data Protection Regulation.
2. The Data Processor shall assist the Data Controller in ensuring compliance with the Data Controller’s obligations pursuant to Articles 32-36 of the General Data Protection Regulation taking into account the nature of the processing and the data made available to the Data Processor, cf. Article 28, sub-section 3, para f. This entails that the Data Processor should, taking into account the nature of the processing, as far as possible assist the Data Controller in the Data Controller’s compliance with:
a. the obligation to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk associated with the processing
b. the obligation to report personal data breaches to the supervisory authority (Danish Data Protection Agency) without undue delay and, if possible, within 72 hours of the Data Controller discovering such breach unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons
c. the obligation – without undue delay - to communicate the personal data breach to the data subject when such breach is likely to result in a high risk to the rights and freedoms of natural persons
d. the obligation to carry out a data protection impact assessment if a type of processing is likely to result in a high risk to the rights and freedoms of natural persons e. the obligation to consult with the supervisory authority (Danish Data Protection Agency) prior to processing if a data protection impact assessment shows that the processing will lead to high risk in the lack of measures taken by the Data Controller to limit risk
