Common use of Data Protection Compliance Clause in Contracts

Data Protection Compliance. 3.1 Each Party shall comply with all the obligations imposed on a controller under the Data Protection Legislation. Any material breach of the Data Protection Legislation by a Party in connection with the Data Sharing shall constitute a material breach of this Schedule 2. 3.2 Each Party shall: (a) process the Shared Personal Data fairly and lawfully, each of them as a Data Controller; (b) for each Agreed Purpose, ensure that it processes the Shared Personal Data on the basis of one of the legal grounds set out in Article 6 of the GDPR (Lawfulness of Processing) or Article 9 of the GDPR (Processing of special categories of personal data) (as applicable); (c) inform, or otherwise make information available to the Data Subjects of the purposes for which it will process Personal Data and provide or make available all information that it must provide in accordance with its own applicable law to ensure that Data Subjects understand how their Personal Data will be processed by that Party; (d) ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data; (e) not transfer any personal data outside the European Economic Area otherwise than in compliance with the Data Protection Legislation.

Data Protection Compliance. 3.1 Each Party shall comply with all the obligations imposed on a controller under the Data Protection Legislation. Any material breach of the Data Protection Legislation by a Party in connection with the Data Sharing shall constitute a material breach of this Schedule 2Schedule. 3.2 Each Party shall: (a) process the Shared Personal Data fairly and lawfully, each of them as a Data Controller; (b) for each Agreed Purpose, ensure that it processes the Shared Personal Data on the basis of one of the legal grounds set out in Article 6 of the GDPR (Lawfulness of Processing) or Article 9 of the GDPR (Processing of special categories of personal data) (as applicable); (c) inform, or otherwise make information available to the Data Subjects of the purposes for which it will process Personal Data and provide or make available all information that it must provide in accordance with its own applicable law to ensure that Data Subjects understand how their Personal Data will be processed by that Party; (d) ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data; (e) not transfer any personal data outside the European Economic Area otherwise than in compliance with the Data Protection Legislation.

Data Protection Compliance. 3.1 Each Party shall comply with all the obligations imposed on a controller under the Data Protection Legislation. Any material breach of the Data Protection Legislation by a Party in connection with the Data Sharing shall constitute a material breach of this Schedule 21. 3.2 Each Party shall: (a) process the Shared Personal Data fairly and lawfully, each of them as a Data Controller; (b) for each Agreed Purpose, ensure that it processes the Shared Personal Data on the basis of one of the legal grounds set out in Article 6 of the GDPR (Lawfulness of Processing) or Article 9 of the GDPR (Processing of special categories of personal data) (as applicable); (c) inform, or otherwise make information available to the Data Subjects of the purposes for which it will process Personal Data and provide or make available all information that it must provide in accordance with its own applicable law to ensure that Data Subjects understand how their Personal Data will be processed by that Party; (d) ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data; (e) not transfer any personal data outside the European Economic Area otherwise than in compliance with the Data Protection Legislation.