Common use of Data Protection Breach Clause in Contracts

Data Protection Breach. 3.1 Without prejudice to Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data, each Party shall notify the other Party promptly and without undue delay, and in any event within 48 hours, upon becoming aware of any Personal Data Breach or circumstances that are likely to give rise to a Personal Data Breach, providing the other Party and its advisors with: (a) sufficient information and in a timescale which allows the other Party to meet any obligations to report a Personal Data Breach under the Data Protection Legislation; (b) all reasonable assistance, including: (i) co-operation with the other Party and the Information Commissioner investigating the Personal Data Breach and its cause, containing and recovering the compromised Personal Data and compliance with the applicable guidance; (ii) co-operation with the other Party including using such reasonable endeavours as are directed by the Buyer to assist in the investigation, mitigation and remediation of a Personal Data Breach; (iii) co-ordination with the other Party regarding the management of public relations and public statements relating to the Personal Data Breach; and/or The Short-form Form Contract 18 (iv) providing the other Party and to the extent instructed by the other Party to do so, and/or the Information Commissioner investigating the Personal Data Breach, with complete information relating to the Personal Data Breach, including, without limitation, the information set out in Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data;. 3.2 Each Party shall use all reasonable endeavours to restore, re-constitute and/or reconstruct any Personal Data where it has lost, damaged, destroyed, altered or corrupted as a result of a Personal Data Breach as if it was that Party’s own data at its own cost with all possible speed and shall provide the other Party with all reasonable assistance in respect of any such Personal Data Breach, including providing the other Party, as soon as possible and within 48 hours of the Personal Data Breach relating to the Personal Data Breach, in particular: (a) the nature of the Personal Data Breach; (b) the nature of Personal Data affected;

Data Protection Breach. 3.1 Without prejudice to Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data, each Party shall notify the other Party promptly and without undue delay, and in any event within 48 hours, upon becoming aware of any Personal Data Breach or circumstances that are likely to give rise to a Personal Data Breach, providing the other Party and its advisors with: (a) sufficient information and in a timescale which allows the other Party to meet any obligations to report a Personal Data Breach under the Data Protection Legislation; (b) all reasonable assistance, including: (i) co-operation with the other Party and the Information Commissioner investigating the Personal Data Breach and its cause, containing and recovering the compromised Personal Data and compliance with the applicable guidance; (ii) co-operation with the other Party including using such reasonable endeavours as are directed by the Buyer to assist in the investigation, mitigation and remediation of a Personal Data Breach; (iii) co-ordination with the other Party regarding the management of public relations and public statements relating to the Personal Data Breach; and/or The Short-form Form Contract 18 and/or (iv) providing the other Party and to the extent instructed by the other Party to do so, and/or the Information Commissioner investigating the Personal Data Breach, with complete information relating to the Personal Data Breach, including, without limitation, the information set out in Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data;. 3.2 Each Party shall use all reasonable endeavours to restore, re-constitute and/or reconstruct any Personal Data where it has lost, damaged, destroyed, altered or corrupted as a result of a Personal Data Breach as if it was that Party’s own data at its own cost with all possible speed and shall provide the other Party with all reasonable assistance in respect of any such Personal Data Breach, including providing the other Party, as soon as possible and within 48 hours of the Personal Data Breach relating to the Personal Data Breach, in particular:particular:‌ (a) the nature of the Personal Data Breach; ; (b) the nature of Personal Data affected; (c) the categories and number of Data Subjects concerned; (d) the name and contact details of the Party’s Data Protection Officer or other relevant contact from whom more information may be obtained; (e) measures taken or proposed to be taken to address the Personal Data Breach; and (f) a description of the likely consequences of the Personal Data Breach.

Data Protection Breach. 3.1 Without prejudice to Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Dataclause 3.2, each Party shall notify the other Party promptly and without undue delay, and in any event within 48 hours, upon becoming aware of any Personal Data Breach or circumstances that are likely to give rise to a Personal Data Breach, providing the other Party Relevant Authority and its advisors with: (a) sufficient information and in a timescale which allows the other Party to meet any obligations to report a Personal Data Breach under the Data Protection Legislation; (b) all reasonable assistance, including: (i) co-operation with the other Party and the Information Commissioner investigating the Personal Data Breach and its cause, containing and recovering the compromised Personal Data and compliance with the applicable guidance; (ii) co-operation with the other Party including using taking such reasonable endeavours steps as are directed by the Buyer Relevant Authority to assist in the investigation, mitigation and remediation of a Personal Data Breach; (iii) co-ordination with the other Party regarding the management of public relations and public statements relating to the Personal Data Breach; and/or The Short-form Form Contract 18 and/or (iv) providing the other Party and to the extent instructed by the other Party to do so, and/or the Information Commissioner investigating the Personal Data Breach, with complete information relating to the Personal Data Breach, including, without limitation, the information set out in Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data;Clause 3.2. 3.2 Each Party shall use take all reasonable endeavours steps to restore, re-constitute and/or reconstruct any Personal Data where it has lost, damaged, destroyed, altered or corrupted as a result of a Personal Data Breach as if it was that Party’s own data at its own cost with all possible speed and shall provide the other Party with all reasonable assistance in respect of any such Personal Data Breach, including providing the other Party, as soon as possible and within 48 hours of the Personal Data Breach relating to the Personal Data Breach, in particular: (a) the nature of the Personal Data Breach; ; (b) the nature of Personal Data affected; (c) the categories and number of Data Subjects concerned; (d) the name and contact details of the Supplier’s Data Protection Officer or other relevant contact from whom more information may be obtained; (e) measures taken or proposed to be taken to address the Personal Data Breach; and (f) describe the likely consequences of the Personal Data Breach.

Data Protection Breach. 3.1 Without prejudice to Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data, each Party shall notify the other Party promptly and without undue delay, and in any event within 48 hours, upon becoming aware of any Personal Data Breach Loss Event or circumstances that are likely to give rise to a Personal Data BreachLoss Event, providing the other Party and its advisors with: (a) 3.1.1 sufficient information and in a timescale which allows the other Party to meet any obligations to report a Personal Data Breach Loss Event under the Data Protection Legislation; (b) 3.1.2 all reasonable assistance, including: (i) 3.1.2.1 co-operation with the other Party and the Information Commissioner investigating the Personal Data Breach Loss Event and its cause, containing and recovering the compromised Personal Data and compliance with the applicable guidance; (ii) 3.1.2.2 co-operation with the other Party including using such reasonable best endeavours as are directed by the Buyer to assist in the investigation, mitigation and remediation of a Personal Data BreachLoss Event; (iii) 3.1.2.3 co-ordination with the other Party regarding the management of public relations and public statements relating to the Personal Data BreachLoss Event; and/or The Short-form Form Contract 18 (iv) and/or 3.1.2.4 providing the other Party and to the extent instructed by the other Party to do so, and/or the Information Commissioner investigating the Personal Data BreachLoss Event, with complete information relating to the Personal Data BreachLoss Event, including, without limitation, including the information set out in Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data;. 3.2 Each Party shall use all reasonable best endeavours to restore, re-constitute and/or reconstruct any Personal Data where it has lost, damaged, destroyed, altered or corrupted as a result of a Personal Data Breach Loss Event which is the fault of that Party as if it was that Party’s own data at its own cost with all possible speed and shall provide the other Party with all reasonable assistance in respect of any such Personal Data BreachLoss Event, including providing the other Party, as soon as possible and within 48 hours of the Personal Data Breach Loss Event relating to the Personal Data BreachLoss Event, in particular: (a) 3.2.1 the nature of the Personal Data Breach; (b) Loss Event; 3.2.2 the nature of Personal Data affected; 3.2.3 the categories and number of Data Subjects concerned; 3.2.4 the name and contact details of the Party’s Data Protection Officer or other relevant contact from whom more information may be obtained; 3.2.5 measures taken or proposed to be taken to address the Data Loss Event; and 3.2.6 a description of the likely consequences of the Data Loss Event.

Data Protection Breach. ‌ 3.1 Without prejudice to Paragraph 3.2 of this Part B – Joint Controller Agreement (Optional)Joint Controller Agreement (Optional) of Annex 1 – Processing Personal Data, each Party shall notify the other Party promptly and without undue delay, and in any event within 48 hours, upon becoming aware of any Personal Data Breach BreachData Loss Event or circumstances that are likely to give rise to a Personal Data BreachBreachData Loss Event, providing the other Party and its advisors with: (a) 3.1.1 sufficient information and in a timescale which allows the other Party to meet any obligations to report a Personal Data Breach BreachData Loss Event under the Data Protection Legislation; (b) 3.1.2 all reasonable assistance, including: (i) 3.1.2.1 co-operation with the other Party and the Information Commissioner investigating the Personal Data Breach BreachData Loss Event and its cause, containing and recovering the compromised Personal Data and compliance with the applicable guidance; (ii) 3.1.2.2 co-operation with the other Party including using such reasonable bestreasonable endeavours as are directed by the Buyer to assist in the investigation, mitigation and remediation of a Personal Data BreachBreachData Loss Event; (iii) 3.1.2.3 co-ordination with the other Party regarding the management of public relations and public statements relating to the Personal Data BreachBreachData Loss Event; and/or The Short-form Form Contract 18 (iv) and/or 3.1.2.4 providing the other Party and to the extent instructed by the other Party to do so, and/or the Information Commissioner investigating the Personal Data BreachBreachData Loss Event, with complete information relating to the Personal Data BreachBreachData Loss Event, including, without limitation, the information set out in Paragraph 3.2 of this Part B – Joint Controller Agreement (Optional)Joint Controller Agreement (Optional) of Annex 1 – Processing Personal Data;. 3.2 Each Party shall use all bestall reasonable endeavours to restore, re-constitute and/or reconstruct any Personal Data where it has lost, damaged, destroyed, altered or corrupted as a result of a Personal Data Breach BreachData Loss Event which sis the fault of that Party as if it was that Party’s own data at its own cost with all possible speed and shall provide the other Party with all reasonable assistance in respect of any such Personal Data BreachBreachData Loss Event, including providing the other Party, as soon as possible and within 48 hours of the Personal Data Breach BreachData Loss Event relating to the Personal Data BreachBreachData Loss Event, in particular:particular:‌ (a) 3.2.1 the nature of the Personal Data Breach; (b) BreachData Loss Event; 3.2.2 the nature of Personal Data affected; 3. 2.3 the categories and number of Data Subjects concerned;

Data Protection Breach. 3.1 Without prejudice to Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data3.2, each Party shall notify the other Party promptly and without undue delay, and in any event within 48 hours, upon becoming aware of any Personal Data Breach or circumstances that are likely to give rise to a Personal Data Breach, providing the other Party and its advisors with: (a) sufficient information and in a timescale which allows the other Party to meet any obligations to report a Personal Data Breach under the Data Protection Legislation;; and (b) all reasonable assistance, including: (i) cocooperationco-operation with the other Party and the Information Commissioner investigating the Personal Data Breach and its cause, containing and recovering the compromised Personal Data and compliance with the applicable guidance; (ii) cocooperationco-operation with the other Party including taking using such reasonable steps endeavours as are directed by the Buyer other Party to assist in the investigation, mitigation and remediation of a Personal Data Breach; (iii) cocoordinationco-ordination with the other Party regarding the management of public relations and public statements relating to the Personal Data Breach; and/or The Short-form Form Contract 18 and/or (iv) (iv) providing the other Party and to the extent instructed by the other Party to do so, and/or the Information Commissioner investigating the Personal Data Breach, with complete information relating to the Personal Data Breach, including, without limitation, the information set out in Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data;Clause 3.2. 3.2 Each Party shall use takeuseuse all steps reasonable endeavours to restore, re-constitute and/or reconstruct any Personal Data where it has lost, damaged, destroyed, altered or corrupted as a result of a Personal Data Breach as if it was that Party’s own data at its own cost with all possible speed and shall provide the other Party with all reasonable assistance in respect of any such Personal Data Breach, including providing the other Party, as soon as possible and within 48 hours of the Personal Data Breach relating to the Personal Data Breach, in particular: (a) the nature of the Personal Data Breach; ; (b) the nature of Personal Data affected; (c) the categories and number of Data Subjects concerned; (d) the name and contact details of the Supplier’s Data Protection Officer or other relevant contact from whom more information may be obtained; (e) measures taken or proposed to be taken to address the Personal Data Breach; and (f) describe the likely consequences of the Personal Data Breach.

Data Protection Breach. 3.1 Without prejudice to Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data3.2, each Party shall notify the other Party promptly and without undue delay, and in any event within 48 hours, upon becoming aware of any Personal Data Breach or circumstances that are likely to give rise to a Personal Data Breach, providing the other Party and its advisors with: (a) : sufficient information and in a timescale which allows the other Party to meet any obligations to report a Personal Data Breach under the Data Protection Legislation; (b) ; all reasonable assistance, including: (i) : co-operation with the other Party and the Information Commissioner investigating the Personal Data Breach and its cause, containing and recovering the compromised Personal Data and compliance with the applicable guidance; (ii) ; co-operation with the other Party including using taking such reasonable endeavours steps as are directed by the Buyer Authority to assist in the investigation, mitigation and remediation of a Personal Data Breach; (iii) ; co-ordination with the other Party regarding the management of public relations and public statements relating to the Personal Data Breach; and/or The Short-form Form Contract 18 (iv) providing the other Party and to the extent instructed by the other Party to do so, and/or the Information Commissioner investigating the Personal Data Breach, with complete information relating to the Personal Data Breach, including, without limitation, the information set out in Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data;. 3.2 3.2. Each Party shall use take all reasonable endeavours steps to restore, re-constitute and/or reconstruct any Personal Data where it has lost, damaged, destroyed, altered or corrupted as a result of a Personal Data Breach as if it was that Party’s own data at its own cost with all possible speed and shall provide the other Party with all reasonable assistance in respect of any such Personal Data Breach, including providing the other Party, as soon as possible and within 48 hours of the Personal Data Breach relating to the Personal Data Breach, in particular: (a) : the nature of the Personal Data Breach; (b) the nature of Personal Data affected;; the categories and number of Data Subjects concerned; the name and contact details of the Contractor’s Data Protection Officer or other relevant contact from whom more information may be obtained; measures taken or proposed to be taken to address the Personal Data Breach; and describe the likely consequences of the Personal Data Breach. The Contractor shall permit: the Authority, or a third-party auditor acting under the Authority’s direction, to conduct, at the Authority’s cost, data privacy and security audits, assessments and inspections concerning the Contractor’s data security and privacy procedures relating to Personal Data, its compliance with this Annex 1 and the Data Protection Legislation. the Authority, or a third-party auditor acting under the Authority’s direction, access to premises at which the Personal Data is accessible or at which it is able to inspect any relevant records, including the record maintained under Article 30 of the GDPR by the Contractor so far as relevant to the Contract, and procedures, including premises under the control of any third party appointed by the Contractor to assist in the provision of the Services. The Authority may, in its sole discretion, require the Contractor to provide evidence of the Contractor’s compliance with Paragraph 4.1 in lieu of conducting such an audit, assessment or inspection. The Parties shall: provide all reasonable assistance to each other to prepare any Data Protection Impact Assessment as may be required (including provision of detailed information and assessments in relation to Processing operations, risks and measures); maintain full and complete records of all Processing carried out in respect of the Personal Data in connection with this Contract, in accordance with the terms of Article 30 of the GDPR.

Data Protection Breach. 3.1 Without prejudice to Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data3.2, each Party shall notify the other Party promptly and without undue delay, and in any event within 48 hours, upon becoming aware of any Personal Data Breach or circumstances that are likely to give rise to a Personal Data Breach, providing the other Party Customer and its advisors with: (a) sufficient information and in a timescale which allows the other Party to meet any obligations to report a Personal Data Breach under the Data Protection Legislation; (b) all reasonable assistance, including: (i) : co-operation with the other Party and the Information Commissioner investigating the Personal Data Breach and its cause, containing and recovering the compromised Personal Data and compliance with the applicable guidance; (ii) ; co-operation with the other Party including using taking such reasonable endeavours steps as are directed by the Buyer Customer to assist in the investigation, mitigation and remediation of a Personal Data Breach; (iii) ; co-ordination with the other Party regarding the management of public relations and public statements relating to the Personal Data Breach; and/or The Short-form Form Contract 18 (iv) providing the other Party and to the extent instructed by the other Party to do so, and/or the Information Commissioner investigating the Personal Data Breach, with complete information relating to the Personal Data Breach, including, without limitation, the information set out in Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data;Clause 3.2. 3.2 Each Party shall use take all reasonable endeavours steps to restore, re-constitute and/or reconstruct any Personal Data where it has lost, damaged, destroyed, altered or corrupted as a result of a Personal Data Breach as if it was that Party’s own data at its own cost with all possible speed and shall provide the other Party with all reasonable assistance in respect of any such Personal Data Breach, including providing the other Party, as soon as possible and within 48 hours of the Personal Data Breach relating to the Personal Data Breach, in particular: (a) the nature of the Personal Data Breach; ; (b) the nature of Personal Data affected; (c) the categories and number of Data Subjects concerned; (d) the name and contact details of the Supplier’s Data Protection Officer or other relevant contact from whom more information may be obtained; (e) measures taken or proposed to be taken to address the Personal Data Breach; and (f) describe the likely consequences of the Personal Data Breach.

Data Protection Breach. 3.1 Without prejudice to Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data3.2, each Party shall notify the other Party promptly and without undue delay, and in any event within 48 hours, upon becoming aware of any Personal Data Breach or circumstances that are likely to give rise to a Personal Data Breach, providing the other Party CCS and its advisors with: (a) sufficient information and in a timescale which allows the other Party to meet any obligations to report a Personal Data Breach under the Data Protection Legislation; (b) all reasonable assistance, including: (i) co-operation with the other Party and the Information Commissioner investigating the Personal Data Breach and its cause, containing and recovering the compromised Personal Data and compliance with the applicable guidance; (ii) co-operation with the other Party including using taking such reasonable endeavours steps as are directed by the Buyer CCS to assist in the investigation, mitigation and remediation of a Personal Data Breach; (iii) co-ordination with the other Party regarding the management of public relations and public statements relating to the Personal Data Breach; and/or The Short-form Form Contract 18 and/or (iv) providing the other Party and to the extent instructed by the other Party to do so, and/or the Information Commissioner investigating the Personal Data Breach, with complete information relating to the Personal Data Breach, including, without limitation, the information set out in Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data;Clause 3.2. 3.2 Each Party shall use take all reasonable endeavours steps to restore, re-constitute and/or reconstruct any Personal Data where it has lost, damaged, destroyed, altered or corrupted as a result of a Personal Data Breach as if it was that Party’s own data at its own cost with all possible speed and shall provide the other Party with all reasonable assistance in respect of any such Personal Data Breach, including providing the other Party, as soon as possible and within 48 hours of the Personal Data Breach relating to the Personal Data Breach, in particular: (a) the nature of the Personal Data Breach; ; (b) the nature of Personal Data affected; (c) the categories and number of Data Subjects concerned; (d) the name and contact details of the Supplier’s Data Protection Officer or other relevant contact from whom more information may be obtained; (e) measures taken or proposed to be taken to address the Personal Data Breach; and (f) describe the likely consequences of the Personal Data Breach.

Data Protection Breach. 3.1 Without prejudice to Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data3.2, each Party shall notify the other Party promptly and without undue delay, and in any event within 48 hours, upon becoming aware of any Personal Data Breach or circumstances that are likely to give rise to a Personal Data Breach, providing the other Party and its advisors with: (a) sufficient information and in a timescale which allows the other Party to meet any obligations to report a Personal Data Breach under the Data Protection Legislation; (b) all reasonable assistance, including: (i) co-operation with the other Party and the Information Commissioner investigating the Personal Data Breach and its cause, containing and recovering the compromised Personal Data and compliance with the applicable guidance; (ii) co-operation with the other Party including using taking such reasonable endeavours steps as are directed by the Buyer other Party to assist in the investigation, mitigation and remediation of a Personal Data Breach; (iii) co-ordination with the other Party regarding the management of public relations and public statements relating to the Personal Data Breach; and/or The Short-form Form Contract 18 and/or (iv) providing the other Party and to the extent instructed by the other Party to do so, and/or the Information Commissioner investigating the Personal Data Breach, with complete information relating to the Personal Data Breach, including, without limitation, the information set out in Paragraph 3.2 of this Part B – Joint Controller Agreement of Annex 1 – Processing Personal Data;Clause 3.2. 3.2 Each Party shall use take all reasonable endeavours steps to restore, re-constitute and/or reconstruct any Personal Data where it has lost, damaged, destroyed, altered or corrupted as a result of a Personal Data Breach as if it was that Party’s own data at its own cost with all possible speed and shall provide the other Party with all reasonable assistance in respect of any such Personal Data Breach, including providing the other Party, as soon as possible and within 48 hours of the Personal Data Breach relating to the Personal Data Breach, in particular: (a) the nature of the Personal Data Breach; ; (b) the nature of Personal Data affected; (c) the categories and number of Data Subjects concerned; (d) the name and contact details of the Supplier’s Data Protection Officer or other relevant contact from whom more information may be obtained; (e) measures taken or proposed to be taken to address the Personal Data Breach; and (f) describe the likely consequences of the Personal Data Breach.