DATA SECURITY BREACHES AND REPORTING PROCEDURES. 5.1. The parties agree to provide reasonable assistance to each other to facilitate the handling of any data security breach in an expeditious and compliant manner.
DATA SECURITY BREACHES AND REPORTING PROCEDURES. 11.1 The Parties are under a strict obligation to notify any potential or actual losses of the Shared Personal Data to the other Party as soon as possible and, in any event, within 1 Business Day of identification of any potential or actual loss to enable the Parties to consider what action is required in order to resolve the issue in accordance with the applicable national data protection laws and guidance.
DATA SECURITY BREACHES AND REPORTING PROCEDURES. 14.1 The Data Processor is under a strict obligation to immediately notify the Data Controller of any Data Security Breach and no later than within 24 hours of the Data Processor becoming aware of the breach. Commented [LS12]: Subject to further discussion with the Data Protection Officer.
DATA SECURITY BREACHES AND REPORTING PROCEDURES. 6.1 The PAA must notify any data security breach in relation to any personal data processed by them under this Agreement to the Commissioner without undue delay and in any event no later than 24 hours after becoming aware of it, following the procedure in Schedule Two of the Agreement.
DATA SECURITY BREACHES AND REPORTING PROCEDURES. 11.1 Having considered the Privacy and Data Protection Requirements, the parties have in place their own guidance that must be followed in the event of a Data Security Breach.
DATA SECURITY BREACHES AND REPORTING PROCEDURES. 15 The parties agree to provide reasonable assistance to each other to facilitate the handling of any Data Security Breach in an expeditious and compliant manner. 16 The parties should notify any relevant potential or actual losses of the Shared Personal Data and remedial steps taken, either through mechanisms specified by the parties from time to time or otherwise to each and every relevant SPoC as soon as possible, to enable the parties to consider what further action is required either individually or jointly. REVIEW AND TERMINATION OF PROTOCOL 17 The nature of the arrangements between the parties is such that it is extremely unlikely that the Protocol will be terminated in its entirety. Should both parties unanimously wish to terminate the Protocol, a process to identify the future ownership of and confirm as necessary mutual rights to use any Shared Personal Data will be undertaken and completed prior to termination of the Protocol. 18 The parties shall review the effectiveness of this data sharing Protocol every five years or upon the request of one of the parties, having consideration to the aims and purposes set out in clause 5, and to current Data Protection Legislation, and to any concerns raised at that time by one or more of the parties. The parties shall continue or amend the Protocol depending on the outcome of the review but in the meantime the Protocol shall continue in full force and effect. 19 Each party is responsible for their own legal compliance and self-audit. A party, however, reasonably may ask to inspect another party or parties’ arrangements for the processing of Shared Personal Data and may request a review of the Protocol where it considers that another party is not processing the Shared Personal Data in accordance with this Protocol, and the matter has demonstrably not been resolved through discussions between the relevant SPoCs. CHANGES TO APPLICABLE DATA PROTECTION LEGISLATION 20 Should the applicable Data Protection Legislation change in a way that the Protocol is no longer adequate for the purpose of governing lawful data sharing exercises, the Parties agree that the SPoCs will negotiate in good faith to review the Protocol in light of the new legislation but in the meantime the Protocol shall continue in full force and effect.
DATA SECURITY BREACHES AND REPORTING PROCEDURES. Having considered the applicable Data Protection Legislation, the Parties confirm they have in place their own guidance that must be followed in the event of a Data Security Breach. Parties are under a strict obligation to notify any potential or actual losses of the Shared Personal Data or any breach of security which may compromise the security of the Shared Personal Data to the other Party’s SPoC as soon as possible and, in any event, within 24 hours of identification of any potential or actual loss to enable the Parties to consider what action is required in order to resolve the issue in accordance with the applicable Data Protection Legislation. The Parties agree to provide reasonable assistance as is necessary to each other to facilitate the handling of any Data Security Breach in an expeditious and compliant manner. Notification of security breaches, as per Condition 11.2, should be made to each Party’s relevant Information Security/Information Governance team identified in the Agreement.
DATA SECURITY BREACHES AND REPORTING PROCEDURES. The Parties undertake to notify any Data Security Breach in relation to the Shared Data to each other as soon as possible and, in any event, within 48 hours of knowledge of the Data Security Breach so as to enable the Parties to consider what action is required in order to resolve the issue in accordance with the GDPR and the Data Protection Acts.
DATA SECURITY BREACHES AND REPORTING PROCEDURES. 9.1. The Data Processor is under a strict obligation to notify the Data Controller and the Data Controller’s Key Contact of any potential or actual losses of the Shared Personal Data as soon as possible and, in any event, within 24 hours of identification of any Data Security Breach. Such notification shall:
DATA SECURITY BREACHES AND REPORTING PROCEDURES. 13.1 The Processor will promptly and without undue delay notify the Controller if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. The Processor will restore such Personal Data at its own expense.
