Common use of DATA PROTECTION AND PUBLIC PROCUREMENT Clause in Contracts

DATA PROTECTION AND PUBLIC PROCUREMENT. Data Protection 14.1. The Grant Recipient will comply at all times with its obligations under Data Protection Legislation. 14.2. To the extent that the Grant Recipient and the Authority share any Personal Data for the purposes of the Agreement, the Parties accept that they are each a separate independent Controller in respect of such Personal Data. Each Party: (i) shall comply with the applicable Data Protection Legislation in respect of their processing of such Personal Data; (ii) will be individually and separately responsible for its own compliance; and (iii) do not and will not Process any Personal Data as Joint Controllers. 14.3. Each Party shall, with respect to its processing of Personal Data as independent Controller, implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1)(a), (b), (c) and (d) of the GDPR, and the measures shall, at a minimum, comply with the requirements of the Data Protection Legislation. 14.4. The Grant Recipient shall ensure that its systems processing children’s data and connecting to the Youth Justice Application Framework will meet the Government Minimum Cyber Security Standard1.

DATA PROTECTION AND PUBLIC PROCUREMENT. Data Protection‌ 14.1. The Grant Recipient and the Authority will comply at all times with its respective obligations under Data Protection Legislation. 14.2. The Parties agree that for the purposes of the Data Protection Legislation the Grant Recipient is an independent controller and the Authority is an independent controller. The specific data arrangements are provided in the Data Sharing Agreement as agreed between the Parties in connection with the delivery of the Funded Activities. 14.3. To the extent that the Grant Recipient and the Authority share any Personal Data for the purposes of the this Grant Funding Agreement, the Parties accept that they are each a separate independent Controller in respect of such Personal Data. Each Party: (i) shall comply with the applicable Data Protection Legislation in respect of their processing of such Personal Data; (ii) will be individually and separately responsible for its own compliance; and (iii) do not and will not Process any Personal Data as Joint Controllers. 14.314.4. Each Party shall, with respect to its processing of Personal Data as independent Controller, implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1)(a), (b), (c) and (d) of the GDPR, and the measures shall, at a minimum, comply with the requirements of the Data Protection Legislation, including Article 32 of the GDPR. 14.4. The Grant Recipient shall ensure that its systems processing children’s data and connecting to the Youth Justice Application Framework will meet the Government Minimum Cyber Security Standard1.

DATA PROTECTION AND PUBLIC PROCUREMENT. Data Protection 14.1. The Grant Recipient will comply at all times with its obligations under Data Protection Legislation. 14.2. To the extent that the Grant Recipient and the Authority share any Personal Data for the purposes of the Agreement, the Parties accept that they are each a separate independent Controller in respect of such Personal Data. Each Party: (i) shall comply with the applicable Data Protection Legislation in respect of their processing of such Personal Data; (ii) will be individually and separately responsible for its own compliance; and (iii) do not and will not Process any Personal Data as Joint Controllers. 14.3. Each Party shall, with respect to its processing of Personal Data as independent Controller, implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1)(a), (b), (c) and (d) of the GDPR, and the measures shall, at a minimum, comply with the requirements of the Data Protection Legislation. 14.4. The Grant Recipient shall ensure that its systems processing children’s data and connecting to the Youth Justice Application Framework will meet the Government Minimum Cyber Security Standard1.