Common use of Data Protection Obligations Clause in Contracts

Data Protection Obligations. 3.1 Each party shall ensure that it has in place all necessary notices and consents to enable the fair and lawful processing of Personal data in accordance with this Agreement. 3.2 Each Party shall implement and maintain adequate and appropriate protective measures including technical and organisational security measures in order to protect Personal Data against unauthorised and unlawful processing, and against accidental loss, destruction or damage. Personal data shall at a minimum always be password protected and the number of staff who can access personal data should be restricted to those for whom access is strictly necessary for the relevant processing. 3.3 Notwithstanding any of the provisions of this Agreement, each Party acknowledges that it is responsible for its own compliance with Data Protection legislation. 3.4 Each Party shall (and shall ensure that its Personnel shall) co-operate with the other Party and provide such information and assistance as the other Party may reasonably require to enable the other Party: a) To comply with its obligations under the Data Protection Legislation in respect of Personal Data b) To deal with and respond to any enquiry relating to the personal data 3.5 If a Party receives an Enquiry which relates directly or indirectly to its sharing of Personal Data in accordance with this Agreement , or in relation to its compliance with Data Protection legislation, it shall notify the other Party as soon as is reasonably practicable. 3.6 Each Party shall, after discovering the Personal data has been subject to a Personal Data breach or data loss event, promptly within 1 business day notify the other Party of the same, and at its own expense, shall use its reasonable endeavours to: a) Minimise the impact of the breach and prevent such breach recurring; and b) Provide all reasonable assistance to the other Party as may be required in accordance with Data Protection legislation. 3.7 Subject to paragraph 3.6, above, neither Party shall take any action in relation to any Enquiry or Personal Data breach where it relates to the other Party’s processing of Personal Data as a ‘’controller’’ without prior written notice to the other Party and providing the other Party with a reasonable opportunity to contribute to the response to mitigate the impact of the action on the other Party. 3.8 Each Party shall maintain records of all processing operations under its responsibility in accordance with Data Protection legislation. 3.9 Neither Party will share personal data with a third party without the express written permission of the other Party.

Data Protection Obligations. 3.1 Each party shall ensure that it has in place all necessary notices and consents to enable the fair and lawful processing of Personal data Data in accordance with this Agreement. 3.2 Each Party shall implement and maintain adequate and appropriate protective measures including technical and organisational security measures in order to protect Personal Data against unauthorised and unlawful processing, and against accidental loss, destruction or damage. Personal data shall at a minimum always be password protected and the The number of staff who can access personal data Personal Data should be restricted to those for whom access is strictly necessary for the relevant processing. 3.3 Notwithstanding any of the provisions of this Agreement, each Party acknowledges that it is responsible for its own compliance with Data Protection legislation. 3.4 Each Party shall (and shall ensure that its Personnel shall) co-operate with the other Party and provide such information and assistance as the other Party may reasonably require to enable the other Party: a) To comply with its obligations under the Data Protection Legislation in respect of Personal Data b) To deal with and respond to any enquiry relating to the personal dataPersonal Data 3.5 If a Party receives an Enquiry which relates directly or indirectly to its sharing of Personal Data in accordance with this Agreement Agreement, or in relation to its compliance with Data Protection legislation, it shall notify the other Party as soon as is reasonably practicable. 3.6 Each Party shall, after discovering the Personal data Data has been subject to a Personal Data breach or data loss event, promptly within 1 business day notify the other Party of the same, and at its own expense, shall use its reasonable endeavours to: a) Minimise the impact of the breach and prevent such breach recurring; and b) Provide all reasonable assistance to the other Party as may be required in accordance with Data Protection legislation. 3.7 Subject to paragraph 3.6, above, neither Party shall take any action in relation to any Enquiry or Personal Data breach where it relates to the other Party’s processing of Personal Data as a ‘’controller’’ without prior written notice to the other Party and providing the other Party with a reasonable opportunity to contribute to the response to mitigate the impact of the action on the other Party. 3.8 Each Party shall maintain records of all processing operations under its responsibility in accordance with Data Protection legislation. 3.9 Neither Party will share personal data Personal Data with a third party without the express written permission of the other that Party.

Data Protection Obligations. 3.1 Each party shall ensure that it has in place all necessary notices and consents to enable the fair and lawful processing of Personal data Data in accordance with this AgreementAgreement for the Agreed Purposes. 3.2 Each Party shall implement and maintain adequate and appropriate protective measures Protective Measures including technical and organisational security measures in order to protect Personal Data against unauthorised and unlawful processing, and against accidental loss, destruction or damage. Personal data shall at a minimum always be password protected and the The number of staff who can access personal data should be restricted to those for whom access is strictly necessary for the relevant processing. 3.3 Notwithstanding any of the provisions of this Agreement, each Party acknowledges that it is responsible for its own compliance with Data Protection legislation. 3.4 Each Party shall (and shall ensure that its Personnel shall) co-operate with the other Party and provide such information and assistance as the other Party may reasonably require to enable the other Party: a) To comply with its obligations under the Data Protection Legislation in respect of Personal Data b) To deal with and respond to any enquiry relating to the personal dataShared Personal Data. 3.5 If a Party receives an Enquiry which relates directly or indirectly to its sharing of the Shared Personal Data in accordance with this Agreement Agreement, or in relation to its compliance with Data Protection legislation, it shall notify the other Party as soon as is reasonably practicable. 3.6 Each Party shall, after discovering the Personal data has been subject to a Personal Data breach or data loss event, promptly within 1 business day and with undue delay notify the other Party of the same, and at its own expense, shall use its reasonable endeavours to: a) Minimise the impact of the breach and prevent such breach recurring; and b) Provide all reasonable assistance to the other Party as may be required in accordance with Data Protection legislation. 3.7 Subject to paragraph 3.6, above, neither Party shall take any action in relation to any Enquiry or Personal Data breach where it relates to the other Party’s 's processing of the Shared Personal Data as a ‘’'controller’’ '' without prior written notice to the other Party and providing the other Party with a reasonable opportunity to contribute to the response to mitigate the impact of the action on the other Party. 3.8 Each Party shall maintain records of all processing operations under its responsibility in accordance with Data Protection legislation. 3.9 Neither Party will share personal data Personal Data with a third party party, other than the Permitted Recipients, without the express written permission of the other that Party.

Data Protection Obligations. 3.1 Each party shall ensure that it has in place all necessary notices and consents to enable the fair and lawful processing of Personal data Data in accordance with this AgreementAgreement for the Agreed Purposes. 3.2 Each Party shall implement and maintain adequate and appropriate protective measures Protective Measures including technical and organisational security measures in order to protect Personal Data against unauthorised and unlawful processing, and against accidental loss, destruction or damage. Personal data shall at a minimum always be password protected and the The number of staff who can access personal data should be restricted to those for whom access is strictly necessary for the relevant processing. 3.3 Notwithstanding any of the provisions of this Agreement, each Party acknowledges that it is responsible for its own compliance with Data Protection legislation. 3.4 Each Party shall (and shall ensure that its Personnel shall) co-operate with the other Party and provide such information and assistance as the other Party may reasonably require to enable the other Party: a) To comply with its obligations under the Data Protection Legislation in respect of Personal Data b) To deal with and respond to any enquiry relating to the personal dataShared Personal Data. 3.5 If a Party receives an Enquiry which relates directly or indirectly to its sharing of the Shared Personal Data in accordance with this Agreement Agreement, or in relation to its compliance with Data Protection legislation, it shall notify the other Party as soon as is reasonably practicable. 3.6 Each Party shall, after discovering the Personal data has been subject to a Personal Data breach or data loss event, promptly within 1 business day and with undue delay notify the other Party of the same, and at its own expense, shall use its reasonable endeavours to: a) Minimise the impact of the breach and prevent such breach recurring; and b) Provide all reasonable assistance to the other Party as may be required in accordance with Data Protection legislation. 3.7 Subject to paragraph 3.6, above, neither Party shall take any action in relation to any Enquiry or Personal Data breach where it relates to the other Party’s processing of the Shared Personal Data as a ‘’controller’’ without prior written notice to the other Party and providing the other Party with a reasonable opportunity to contribute to the response to mitigate the impact of the action on the other Party. 3.8 Each Party shall maintain records of all processing operations under its responsibility in accordance with Data Protection legislation. 3.9 Neither Party will share personal data Personal Data with a third party party, other than the Permitted Recipients, without the express written permission of the other that Party.