INFORMATION GOVERNANCE AND DATA PROTECTION Sample Clauses

INFORMATION GOVERNANCE AND DATA PROTECTION. Each Party shall comply with Data Protection Legislation, Data Guidance, the FOIA and the EIR (together the “Applicable Laws”), and shall assist each other Party as necessary to enable the others to comply with these obligations. The Company must comply with and must demonstrate satisfactory compliance with clause 15.1 above. The Company shall: nominate an Information Governance Lead; nominate a Data Protection Officer, if applicable; and ensure that the Shareholder is kept informed at all times of the identities and contact details of the Information Governance Lead and the Data Protection Officer (if applicable). If the Company is required under Data Protection Legislation to notify the Information Commissioner or a Data Subject of a Personal Data Breach, then, within 48 hours of the breach occurring, the Company must inform the Shareholder of the Personal Data Breach, and the Company will report the breach to the Information Commissioner within 72 hours as is required within the Data Protection Legislation. Each Party shall comply with all applicable requirements of the Data Protection Legislation. This clause 15.5 is in addition to, and does not relieve, remove or replace, a Party's obligations under the Data Protection Legislation. Whether or not a party to this Agreement, a Subsidiary or sub-contractor is a Data Controller or Data Processor will be determined in accordance with Data Protection Legislation and any further Data Guidance. The Parties acknowledge that a Party, a Subsidiary or sub-contractor may act as both a Data Controller and a Data Processor, or a Joint Data Controller. Without prejudice to the foregoing provisions of this clause, EFDC will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Company for the duration and purposes of this Agreement. Where required under Data Protection Legislation, the Company shall ensure that it has a Privacy Notice or Consent Notice in place. Any failure by the Company to inform individuals as required by Data Protection Legislation or Data Guidance about the uses of Personal Data that may take place under this Agreement cannot be relied on by the Company as evidence that such use is unlawful and therefore not contractually required. Without prejudice to the other provisions of this clause 15, the Company must ensure that all Personal Data processed by or on behalf of the Company in the course of delivering the Services is p...
AutoNDA by SimpleDocs
INFORMATION GOVERNANCE AND DATA PROTECTION. 12.1 The Lead Partner and the Partners shall comply with the provisions of Schedule 3.
INFORMATION GOVERNANCE AND DATA PROTECTION. 11.2.1 The Parties must comply with Data Protection Legislation, Data Guidance, the FOIA and the EIR, and must assist each other as necessary to enable each other to comply with these obligations. 11.2.2 The Service Provider must comply with and must demonstrate satisfactory compliance with clause 11.2.1 above.
INFORMATION GOVERNANCE AND DATA PROTECTION. 13.2.1 The Parties must comply with Data Protection Legislation, Data Guidance, the FOIA and the EIR, and must assist each other as necessary to enable each other to comply with these obligations. 13.2.2 The Supplier must comply with and must demonstrate satisfactory compliance with Condition 13.2.1 above. 13.2.3 The Supplier must: (a) nominate an Information Governance Lead; (b) where required by Data Protection Legislation, nominate a Data Protection Officer if applicable; and (c) ensure that the Council is kept informed at all times of the identities and contact details of the Information Governance Lead and the Data Protection Officer if applicable. 13.2.4 If the Service Provider is required under Data Protection Legislation to notify the Information Commissioner or a Data Subject of a Personal Data Breach then within 48 (forty-eight) hours of the Personal Data Breach occurring the Service Provider must inform the Council of the Personal Data Breach together with confirmation of what steps the Service Provider is taking to comply with the Data Protection Legislation (such steps to include but not be limited to reporting the Personal Data Breach to the Information Commissioner within 72 (seventy-two) hours of the Personal Data Breach Occurring). 13.2.5 Both Parties will comply with all applicable requirements of the Data Protection Legislation. This Condition 13.2 is in addition to, and does not relieve, remove or replace, a Party's obligations under the Data Protection Legislation. 13.2.6 Whether or not a Party or Sub-Contractor is a Data Controller or Data Processor will be determined in accordance with Data Protection Legislation and any further Data Guidance. The Parties acknowledge that a Party or Sub-Contractor may act as both a Data Controller and a Data Processor, or a Joint Data Controller. 13.2.7 Without prejudice to the generality of Condition 13.2, the Parties will ensure that they have all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the other Party for the duration and purposes of this Agreement. 13.2.8 Where required under Data Protection legislation, the Supplier shall ensure that it has a Privacy Notice or Consent Notice in place. 13.2.9 Any failure by the Supplier to inform individuals as required by Data Protection Legislation or Data Guidance about the uses of Personal Data that may take place under this Agreement cannot be relied on by the Services Provider as evidence that su...

Related to INFORMATION GOVERNANCE AND DATA PROTECTION

  • Data Protection All personal data contained in the agreement shall be processed in accordance with Regulation (EC) No 45/2001 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the EU institutions and bodies and on the free movement of such data. Such data shall be processed solely in connection with the implementation and follow-up of the agreement by the sending institution, the National Agency and the European Commission, without prejudice to the possibility of passing the data to the bodies responsible for inspection and audit in accordance with EU legislation (Court of Auditors or European Antifraud Office (XXXX)). The participant may, on written request, gain access to his personal data and correct any information that is inaccurate or incomplete. He/she should address any questions regarding the processing of his/her personal data to the sending institution and/or the National Agency. The participant may lodge a complaint against the processing of his personal data with the [national supervising body for data protection] with regard to the use of these data by the sending institution, the National Agency, or to the European Data Protection Supervisor with regard to the use of the data by the European Commission.

  • Confidentiality and Data Protection We are a data controller for the information you provide to us including individual, identification and financial details, policy history and special category data (such as medical or criminal history). Details of our legal basis for processing your information, along with details of any third party recipient whom it may be necessary to share your personal data with in order to fulfil the contract, retention period for data held, security of your data, your rights under the UK General Data Protection Regulations (UK GDPR) including the right to complain can be found in our full ‘Privacy Notice’ attached to these terms of business and/or on our website at xxx.xxxxxxxxxxxxxxxx.xx.xx.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!