Common use of DATA PROTECTION AND PROTECTION OF PERSONAL DATA Clause in Contracts

DATA PROTECTION AND PROTECTION OF PERSONAL DATA. 20.1 The Parties acknowledge that for the purposes of the Data Protection Legislation, the Department on behalf of the Secretary of State for Education is the Data Controller and the Employer is the Data Processor only for the processing set out in Schedule 6 (i.e. submission of Learner data to the Department). Any other processing of Personal Data undertaken by the Employer (i.e. Learner enrolment or delivering education & training, e.g. e-portfolios) will be as a Data Controller and not on behalf of the Department. Clauses 20.2 to 20.14 below apply only in relation to the processing of Personal Data on behalf of the Department as set out in Schedule 6, and the only processing that the Data Processor is authorised to do on behalf of the Department is listed in Schedule 6 by the Department and may not be determined by the Data Processor. 20.2 The Data Processor must notify the Data Controller immediately if it considers that any of the Data Controller's instructions infringe the Data Protection Legislation. 20.3 The Data Processor must provide all reasonable assistance to the Data Controller in the preparation of any Data Protection Impact Assessment prior to commencing any processing. Such assistance may, at the discretion of the Data Controller, include: (a) a systematic description of the envisaged processing operations and the purpose of the processing; (b) an assessment of the necessity and proportionality of the processing operations in relation to the Services; (c) an assessment of the risks to the rights and freedoms of Data Subjects; and (d) the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data.

DATA PROTECTION AND PROTECTION OF PERSONAL DATA. 20.1 The Parties acknowledge that for the purposes of the Data Protection LegislationLaws, the Department on behalf of the Secretary of State for Education is the Data Controller and the Employer is the Data Processor only for the processing set out in Schedule 6 (i.e. submission of Learner data to the Department). Any other processing of Personal Data undertaken by the Employer (i.e. Learner enrolment or delivering education & training, e.g. e-portfolios) will be as a Data Controller and not on behalf of the Department. Clauses 20.2 to 20.14 below apply only in relation to the processing of Personal Data on behalf of the Department as set out in Schedule 6, and the only processing that the Data Processor is authorised to do on behalf of the Department is listed in Schedule 6 by the Department and may not be determined by the Data Processor. 20.2 The Data Processor must notify the Data Controller immediately if it considers that any of the Data Controller's instructions infringe the Data Protection LegislationLaws. 20.3 The Data Processor must provide all reasonable assistance to the Data Controller in the preparation of any Data Protection Impact Assessment prior to commencing any processing. Such assistance may, at the discretion of the Data Controller, include: (a) a systematic description of the envisaged processing operations and the purpose of the processing; (b) an assessment of the necessity and proportionality of the processing operations in relation to the Services; (c) an assessment of the risks to the rights and freedoms of Data Subjects; and (d) the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data.

DATA PROTECTION AND PROTECTION OF PERSONAL DATA. 20.1 The Parties acknowledge that for the purposes of the Data Protection LegislationLaws, the Department on behalf of the Secretary of State for Education is the Data Controller and the Employer is the Data Processor only for the processing set out in Schedule 6 (i.e. submission of Learner data to the Department). Any other processing of Personal Data undertaken by the Employer (i.e. Learner enrolment or delivering education & training, e.g. e-portfolios) will be as a Data Controller and not on behalf of the Department. Clauses 20.2 to 20.14 below apply only in relation to the processing of Personal Data on behalf of the Department as set out in Schedule 6, and the only processing that the Data Processor is authorised to do on behalf of the Department is listed in Schedule 6 by the Department and may not be determined by the Data Processor. 20.2 The Data Processor must notify the Data Controller immediately if it considers that any of the Data Controller's instructions infringe the Data Protection LegislationLaws. 20.3 The Data Processor must provide all reasonable assistance to the Data Controller in the preparation of any Data Protection Impact Assessment prior to commencing any processing. Such assistance may, at the discretion of the Data Controller, include: (a) a systematic description of the envisaged processing operations and the purpose of the processing; (b) an assessment of the necessity and proportionality of the processing operations in relation to the Services; (c) an assessment of the risks to the rights and freedoms of Data Subjects; and (d) the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data.

DATA PROTECTION AND PROTECTION OF PERSONAL DATA. 20.1 The Parties acknowledge that for the purposes of the Data Protection Legislation, the Department on behalf of the Secretary of State for Education is the Data Controller and the Employer Provider is the Data Processor only for the processing set out in Schedule 6 (i.e. submission of Learner data to the Department). Any other processing of Personal Data undertaken by the Employer Provider (i.e. Learner enrolment or delivering education & training, e.g. e-portfolios) will be as a Data Controller and not on behalf of the Department. Clauses 20.2 to 20.14 below apply only in relation to the processing of Personal Data on behalf of the Department as set out in Schedule 6, and the only processing that the Data Processor is authorised to do on behalf of the Department is listed in Schedule 6 by the Department and may not be determined by the Data Processor. 20.2 The Data Processor must notify the Data Controller immediately if it considers that any of the Data Controller's instructions infringe the Data Protection Legislation. 20.3 The Data Processor must provide all reasonable assistance to the Data Controller in the preparation of any Data Protection Impact Assessment prior to commencing any processing. Such assistance may, at the discretion of the Data Controller, include: (a) a systematic description of the envisaged processing operations and the purpose of the processing; (b) an assessment of the necessity and proportionality of the processing operations in relation to the Services; (c) an assessment of the risks to the rights and freedoms of Data Subjects; and (d) the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data.

DATA PROTECTION AND PROTECTION OF PERSONAL DATA. 20.1 The Parties acknowledge that for the purposes of the Data Protection LegislationLaws, the Department on behalf of the Secretary of State for Education is the Data Controller and the Employer Provider is the Data Processor only for the processing set out in Schedule 6 (i.e. submission of Learner data to the Department). Any other processing of Personal Data undertaken by the Employer Provider (i.e. Learner enrolment or delivering education & training, e.g. e-e- portfolios) will be as a Data Controller and not on behalf of the Department. Clauses 20.2 to 20.14 below apply only in relation to the processing of Personal Data on behalf of the Department as set out in Schedule 6, and the only processing that the Data Processor is authorised to do on behalf of the Department is listed in Schedule 6 by the Department and may not be determined by the Data Processor. 20.2 The Data Processor must notify the Data Controller immediately if it considers that any of the Data Controller's instructions infringe the Data Protection LegislationLaws. 20.3 The Data Processor must provide all reasonable assistance to the Data Controller in the preparation of any Data Protection Impact Assessment prior to commencing any processing. Such assistance may, at the discretion of the Data Controller, include: (a) a systematic description of the envisaged processing operations and the purpose of the processing; (b) an assessment of the necessity and proportionality of the processing operations in relation to the Services; (c) an assessment of the risks to the rights and freedoms of Data Subjects; and (d) the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data.

DATA PROTECTION AND PROTECTION OF PERSONAL DATA. 20.1 The Parties acknowledge that for the purposes of the Data Protection LegislationLaws, the Department on behalf of the Secretary of State for Education is the Data Controller and the Employer is the Data Processor only for the processing set out in Schedule 6 (i.e. submission of Learner data to the Department). Any other processing of Personal Data undertaken by the Employer (i.e. Learner enrolment or delivering education & training, e.g. i.e. e-portfolios) will be as a Data Controller and not on behalf of the Department. Clauses 20.2 to 20.14 20.16 below apply only in relation to the processing of Personal Data on behalf of the Department as set out in Schedule 6, and the only processing that the Data Processor is authorised to do on behalf of the Department is listed in Schedule 6 by the Department and may not be determined by the Data Processor. 20.2 The Data Processor must notify the Data Controller immediately if it considers that any of the Data Controller's instructions infringe the Data Protection LegislationLaws. 20.3 The Data Processor must provide all reasonable assistance to the Data Controller in the preparation of any Data Protection Impact Assessment prior to commencing any processing. Such assistance may, at the discretion of the Data Controller, include: (a) a systematic description of the envisaged processing operations and the purpose of the processing; (b) an assessment of the necessity and proportionality of the processing operations in relation to the Services; (c) an assessment of the risks to the rights and freedoms of Data Subjects; and (d) the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data.

DATA PROTECTION AND PROTECTION OF PERSONAL DATA. 20.1 22.1 The Parties acknowledge that for the purposes of the Data Protection LegislationLaws, the Department on behalf of the Secretary of State for Education is the Data Controller and the Employer Contractor is the Data Processor only for the processing set out in Schedule 6 (i.e. submission of Learner data to the Department). Any other processing of Personal Data undertaken by the Employer Contractor (i.e. Learner enrolment or delivering education & training, e.g. e-portfolios) will be as a Data Controller and not on behalf of the Department. Clauses 20.2 22.2 to 20.14 22.14 below apply only in relation to the processing of Personal Data on behalf of the Department as set out in Schedule 6, and the only processing that the Data Processor is authorised to do on behalf of the Department is listed in Schedule 6 by the Department and may not be determined by the Data Processor. 20.2 22.2 The Data Processor must notify the Data Controller immediately if it considers that any of the Data Controller's instructions infringe the Data Protection LegislationLaws. 20.3 22.3 The Data Processor must provide all reasonable assistance to the Data Controller in the preparation of any Data Protection Impact Assessment prior to commencing any processing. Such assistance may, at the discretion of the Data Controller, include: (a) a systematic description of the envisaged processing operations and the purpose of the processing; (b) an assessment of the necessity and proportionality of the processing operations in relation to the Services; (c) an assessment of the risks to the rights and freedoms of Data Subjects; and (d) the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data.