Common use of DATA CONTROLLER OBLIGATIONS Clause in Contracts

DATA CONTROLLER OBLIGATIONS. Each Party shall in relation to the Processing of the Personal Data comply with its respective obligations under the Data Protection Laws. Without limiting the generality of the obligation set out in Paragraph 1.2.1, in particular, each Party shall: where required to do so make due notification to the ICO; ensure it is not subject to any prohibition or restriction which would: prevent or restrict it from disclosing or transferring the Personal Data to the other Party as required under this Agreement; prevent or restrict it from granting the other Party access to the Personal Data as required under this Agreement; or prevent or restrict either Party from Processing the Personal Data, as envisaged under this Agreement; ensure that all fair processing notices have been given (and/or, as applicable, consents obtained) and are sufficient in scope to enable each Party to Process the Personal Data as required in order to obtain the benefit of its rights and to fulfil its obligations under this Agreement in accordance with the Data Protection Laws; ensure that all Personal Data disclosed or transferred to, or accessed by, the other Party is accurate and up-to-date, as well as adequate, relevant and not excessive to enable either Party to Process the Personal Data as envisaged under this Agreement; ensure that appropriate technical and organisational security measures are in place sufficient to comply with at least the obligations imposed on the Controller by the Security Requirements: notify the other Party promptly, and in any event within forty-eight (48) hours of receipt of any Data Subject Request or ICO Correspondence which relates directly or indirectly to the Processing of Personal Data under, or in connection with, this Agreement and together with such notice, provide a copy of such Data Subject Request or ICO Correspondence to the other Party and reasonable details of the circumstances giving rise to it. In addition to providing the notice referred to in this Paragraph 1.2.2(f), each Party shall provide the other Party with all reasonable co-operation and assistance required by the other Party in relation to any such Data Subject Request or ICO Correspondence; use reasonable endeavours to notify the other Party if it is obliged to make a disclosure of any of the Personal Data under any statutory requirement, such notification to be made in advance of such disclosure or immediately thereafter unless prohibited by law; notify the other Party in writing without undue delay and, in any event, within twenty-four (24) hours of it becoming aware of any actual or suspected Personal Data Breach in relation to the Personal Data received from the other Party and shall, within such timescale to be agreed by the Parties (acting reasonably and in good faith): implement any measures necessary to restore the security of compromised Personal Data; and support the other Party to make any required notifications to the ICO and/or other equivalent relevant Regulator and affected Data Subjects; take reasonable steps to ensure the reliability of any of its personnel who have access to the Personal Data; not do anything which shall damage the reputation of the other Party or that Party's relationship with the Data Subjects; not transfer any Personal Data it is processing to a Restricted Country; hold the information contained in the Personal Data confidentially and under at least the conditions of confidence as such Party holds Personal Data Processed by it other than the Personal Data;

DATA CONTROLLER OBLIGATIONS. Each Party shall in relation to the Processing of the Personal Data comply with its respective obligations under the Data Protection Laws. Without limiting the generality of the obligation set out in Paragraph 1.2.12.2.1, in particular, each Party shall: where required to do so make due notification to the ICO; ensure it is not subject to any prohibition or restriction which would: prevent or restrict it from disclosing or transferring the Personal Data to the other Party as required under this Agreement; prevent or restrict it from granting the other Party access to the Personal Data as required under this Agreement; or prevent or restrict either Party from Processing the Personal Data, as envisaged under this Agreement; . ensure that all fair processing notices have been given (and/or, as applicable, consents obtained) and are sufficient in scope to enable each Party to Process the Personal Data as required in order to obtain the benefit of its rights and to fulfil its obligations under this Agreement in accordance with the Data Protection Laws; ensure that all Personal Data disclosed or transferred to, or accessed by, the other Party is accurate and up-to-date, as well as adequate, relevant and not excessive to enable either Party to Process the Personal Data as envisaged under this Agreement; ensure that appropriate technical and organisational security measures are in place sufficient to comply with at least the obligations imposed on the Controller by the Security Requirements: ; notify the other Party promptly, and in any event within forty-eight (48) hours of receipt of any Data Subject Request or ICO Correspondence which relates directly or indirectly to the Processing of Personal Data under, or in connection with, this Agreement and together with such notice, provide a copy of such Data Subject Request or ICO Correspondence to the other Party and reasonable details of the circumstances giving rise to it. In addition to providing the notice referred to in this Paragraph 1.2.2(f2.2.2(e), each Party shall provide the other Party with all reasonable co-operation and assistance required by the other Party in relation to any such Data Subject Request or ICO Correspondence; use reasonable endeavours to notify the other Party if it is obliged to make a disclosure of any of the Personal Data under any statutory requirement, such notification to be made in advance of such disclosure or immediately thereafter unless prohibited by law; notify the other Party in writing without undue delay and, in any event, within twenty-four (24) hours of it becoming aware of any actual or suspected Personal Data Breach in relation to the Personal Data received from the other Party and shall, within such timescale to be agreed by the Parties (acting reasonably and in good faith): implement any measures necessary to restore the security of compromised Personal Data; and support the other Party to make any required notifications to the ICO and/or other equivalent relevant Regulator and affected Data Subjects; take reasonable steps to ensure the reliability of any of its personnel who have access to the Personal Data; not do anything which shall damage the reputation of the other Party or that Party's relationship with the Data Subjects; not transfer any Personal Data it is processing to a Restricted Country; hold the information contained in the Personal Data confidentially and under at least the conditions of confidence as such Party holds Personal Data Processed by it other than the Personal Data;

DATA CONTROLLER OBLIGATIONS. Each Party shall in relation to the Processing of the Personal Data comply with its respective obligations under the Data Protection Laws. Without limiting the generality of the obligation set out in Paragraph 1.2.12.2.1, in particular, each Party shall: where required to do so make due notification to the ICO; ensure it is not subject to any prohibition or restriction which would: prevent or restrict it from disclosing or transferring the Personal Data to the other Party as required under this Agreement; prevent or restrict it from granting the other Party access to the Personal Data as required under this Agreement; or prevent or restrict either Party from Processing the Personal Data, as envisaged under this Agreement; ensure that all fair processing notices have been given (and/or, as applicable, consents obtained) and are sufficient in scope to enable each Party to Process the Personal Data as required in order to obtain the benefit of its rights and to fulfil its obligations under this Agreement in accordance with the Data Protection Laws; ensure that all Personal Data disclosed or transferred to, or accessed by, the other another Party is accurate and up-to-date, as well as adequate, relevant and not excessive to enable either that Party to Process the Personal Data as envisaged under this Agreement; ensure that appropriate technical and organisational security measures are in place sufficient to comply with at least the obligations imposed on the Controller by the Security Requirements: Requirements including without limitation, (i) ensuring a level of security appropriate to the risk involved in the processing (which shall include without limitation and, as appropriate, taking steps such as the pseudonymisation and/or encryption of Personal Data, taking steps to ensure the ongoing confidentiality, integrity, availability and resilience of the systems and services used to process Personal Data and regularly testing the effectiveness of the systems in place); (ii) adhering to any relevant codes of conduct or approved certifications; and (iii) ensuring that all individuals who have access to Personal Data maintain the confidentiality and security of Personal Data and comply with the terms of this Agreement and where requested provide to the University evidence of its compliance with such requirements promptly, and in any event within 48 hours of the request. notify the other Party promptly, and in any event within forty-eight (48) hours five days of receipt of any Data Subject Request or ICO Correspondence which relates directly or indirectly to the Processing of Personal Data under, or in connection with, this Agreement and together with such notice, provide a copy of such Data Subject Request or ICO Correspondence to the other Party and reasonable details of the circumstances giving rise to it. In addition to providing the notice referred to in this Paragraph 1.2.2(f2.2.2(f), each Party shall provide the other Party with all reasonable co-operation and assistance required by the other Party in relation to any such Data Subject Request or ICO Correspondence; notify the other Parties in writing without under delay and, in any event, within twenty four (24) hours of it becoming aware of any actual or suspected Personal Data Breach in relation to the Personal Data received from another Party and shall, within such timescale to be agreed by the Parties (acting reasonably and in good faith) : implement any measures necessary to restore the security of compromised Personal Data; and support the other Parties to make any required notifications to the ICO and/or other equivalent relevant Regulator and affected Data Subjects use reasonable endeavours to notify the other Party if it is obliged to make a disclosure of any of the Personal Data under any statutory requirement, such notification to be made in advance of such disclosure or immediately thereafter unless prohibited by law; notify the other Party in writing without undue delay and, in any event, within twenty-four (24) hours of it becoming aware of any actual or suspected Personal Data Breach in relation to the Personal Data received from the other Party and shall, within such timescale to be agreed by the Parties (acting reasonably and in good faith): implement any measures necessary to restore the security of compromised Personal Data; and support the other Party to make any required notifications to the ICO and/or other equivalent relevant Regulator and affected Data Subjects; take reasonable steps to ensure the reliability of any of its personnel who have access to the Personal Data; not do anything which shall damage the reputation of the other Party or that Party's relationship with the Data Subjects; not transfer any Personal Data it is processing to a Restricted Country; hold the information contained in the Personal Data confidentially and under at least the conditions of confidence as such Party holds Personal Data Processed by it other than the Personal Data;.

DATA CONTROLLER OBLIGATIONS. Each Party The Parties shall in relation to the Processing of the Personal Data comply with its respective obligations under the Data Protection LawsGDPR legislation. Without limiting the generality of the obligation set out in Paragraph 1.2.14.1, in particular, each Party shallthe Parties: where Where required to do so make due notification to the ICOrelevant authorities; ensure it is not subject to any prohibition or restriction which would: prevent or restrict it from disclosing or transferring the Personal Data to the other Party Parties as required under this Agreement; prevent or restrict it from granting the other Party Parties access to the Personal Data as required under this Agreement; or prevent or restrict either Party the other Parties from Processing the Personal Data, as envisaged under this Agreement; ensure that all fair processing notices have been given (and/or, as applicable, consents obtained) and are sufficient in scope to enable each Party to Process the Personal Data as required in order to obtain the benefit of its rights and to fulfil its obligations under this Agreement in accordance with the Data Protection LawsGDPR legislation; ensure that all Personal Data disclosed or transferred to, or accessed by, the other Party is accurate and up-to-date, as well as adequate, relevant and not excessive to enable either Party to Process the Personal Data as envisaged under this Agreement; ensure that appropriate technical and organisational security measures are in place sufficient to comply with at least the obligations imposed on the Controller by the Security Requirements: notify the other Party promptly, and in any event within [forty-eight (48) )] hours of receipt of any Data Subject Request or ICO Correspondence which relates directly or indirectly to the Processing of Personal Data under, or in connection with, this Agreement and together with such notice, provide a copy of such Data Subject Request or ICO Correspondence to the other Party and reasonable details of the circumstances giving rise to it. In addition to providing the notice referred to in this Paragraph 1.2.2(f)such notice, each Party they shall provide the other Party with all reasonable co-operation and assistance required by the other Party in relation to any such Data Subject Request or ICO CorrespondenceRequest; use reasonable endeavours to notify the other Party if Parties it is obliged to make a disclosure of any of the Personal Data under any statutory requirement, such notification to be made in advance of such disclosure or immediately thereafter unless prohibited by law; notify the other Party in writing without undue delay and, in any event, within twenty-four (24) hours of it becoming aware of any actual or suspected Personal Data Breach in relation to the Personal Data received from the other Party and shall, within such timescale to be agreed by the Parties (acting reasonably and in good faith): implement any measures necessary to restore the security of compromised Personal Data; and support the other Party to make any required notifications to the ICO and/or other equivalent relevant Regulator and affected Data Subjects; take reasonable steps to ensure the reliability of any of its personnel who have access to the Personal Data; not do anything which shall damage the reputation of the other Party Parties or that Party's their relationship with the Data Subjects; not transfer any Personal Data it is processing to a Restricted Country; hold the information contained in the Personal Data confidentially and under at least the conditions of confidence as such Party holds Personal Data Processed by it other than the Personal Data;