Information Obligations and Incident Management. 7.1 When the Data Processor becomes aware of an incident that impacts the Processing of the Personal Data that is the subject of the Services Agreement, it shall promptly notify the Data Controller about the incident, shall at all times cooperate with the Data Controller, and shall follow the Data Controller’s instructions with regard to such incidents, in order to enable the Data Controller to perform a thorough investigation into the incident, to formulate a correct response, and to take suitable further steps in respect of the incident.
Information Obligations and Incident Management. 9.1 When the Data Importer becomes aware of an incident that impacts the Processing of the Personal Data that is the subject of the Service Agreement, it shall promptly notify the Data Exporter about the incident, shall at all times cooperate with the Data Exporter, and shall follow the Data Exporter’s instructions with regard to such incidents, in order to enable the Data Exporter to perform a thorough investigation into the incident, to formulate a correct response, and to take suitable further steps in respect of the incident.
Information Obligations and Incident Management. When the Data Processor becomes aware of an Incident that impacts the Processing of the Personal Data that was provided under the Services Agreement, it shall promptly notify the Data Controller about the Incident within 48 hours of its becoming aware of the Incident. The Data Processor shall reasonably cooperate with the Data Controller and shall follow the Data Controller’s reasonable instructions with regard to such Incidents that solely affect Personal Data that was provided to the Data Processor under the Services Agreement in order to enable the Data Controller to perform a thorough investigation into the Incident, to formulate a correct response, and to take suitable further steps in respect of the Incident.
Information Obligations and Incident Management. When the Data Processor becomes aware of an incident that impacts the Processing of the Personal Data that is the subject of the Services Agreement, it shall promptly notify the Data Controller about the incident, shall at all times cooperate with the Data Controller, and shall follow the Data Controller’s instructions with regard to such incidents, in order to enable the Data Controller to perform a thorough investigation into the incident, to formulate a correct response, and to take suitable further steps in respect of the incident. The term “incident” used in Article 7.1 shall be understood to mean in any case: a complaint or a request with respect to the exercise of a data subject’s rights under EU Data Protection Law; an investigation into or seizure of the Personal Data by government officials, or a specific indication that such an investigation or seizure is imminent; any unauthorized or accidental access, processing, deletion, loss or any form of unlawful processing of the Personal Data; any breach of the security and/or confidentiality as set out in Articles 3 and 4 of this Data Processing Agreement leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the Personal Data, or any significant indication of such breach having taken place or being about to take place; where, in the opinion of the Data Processor, implementing an instruction received from the Data Controller would violate applicable laws to which the Data Controller or the Data Processor are subject. The Data Processor shall at all times have in place written procedures which enable it to promptly respond to the Data Controller about an incident. Where the incident is reasonably likely to require a data breach notification by the Data Controller under applicable EU Data Protection Law, the Data Processor shall implement its written procedures in such a way that it is in a position to notify the Data Controller no later than 48 hours of having become aware of such an incident. Any notifications made to the Data Controller pursuant to this Article 7 shall be addressed to the employee of the Data Controller whose contact details are provided in Annex 1 of this Data Processing Agreement, and shall contain, to the extent known after reasonable investigation:
Information Obligations and Incident Management a. The Data Processor shall notify the Data Controller promptly of becoming aware of a personal data breach involving Data Controller Personal Data and provide the Data Controller with information relevant to reasonably assist the Data Controller with its own notification obligations as applicable to Data Controller under EU Data Protection Law which may include the following: (i) a description of the nature of the personal data breach; (ii) the categories and approximate number of data subjects impacted; (iii) a description of the measures taken or proposed to be taken by the Data Processor to address the personal data breach.
Information Obligations and Incident Management. 9.1. The Data Processor shall at all times without undue delay notify the Data Controller of any incident with regard to the processing of the Personal Data, shall at all times cooperate with the Data Controller and shall follow the Data Controllers instructions with regard to such incidents, in order to enable the Data Controller to perform a thorough investigation into the incidents, to formulate a correct response and to take suitable further steps in respect of the incident. Specifically, the Data Processor warrants that it provides the Data Controller with all information necessary to fulfil its legal obligations, such as the obligation to notify incidents as stipulated in article 33 and 34 UK GDPR.
Information Obligations and Incident Management. 9.1. When the Operator becomes aware of an incident that has a material impact on the processing of the personal information that is the subject of agreements as set out in clause 2.1, it shall promptly notify the Responsible Party about the incident, shall at all times cooperate with the Responsible Party, and shall follow the Responsible Party’s instructions with regard to such incidents, in order to enable the Responsible Party to perform a thorough investigation into the incident, to formulate a correct response, and to take suitable further steps in respect of the incident.
Information Obligations and Incident Management. 7.1 The Data Processor shall at all times have in place written procedures which enable it to promptly, within seventy-two (72) hours, notify the Data Controller about the incident, shall at all times cooperate with the Data Controller, and shall follow the Data Controller's instructions with regard to such incidents, in order to enable the Data Controller to perform a thorough investigation into the incident, to formulate a correct response, and to take suitable further steps in respect of the incident.
Information Obligations and Incident Management. When the Data Processor becomes aware of an Incident that impacts the Processing of the Personal Information that is the subject of this DPTA and the Contract, it shall promptly and, whenever possible, within 48 hours, notify the Data Controller about the Incident, shall cooperate with the Data Controller and shall follow the Data Controller’s instructions with regard to such Incidents, except where prohibited by law or where the Incident involves the data of multiple data controllers. If the Incident involves the Personal Information of multiple data controllers, Data Processor shall take reasonable measures to investigate, inform the data controllers, and remediate the issue. When the Data Processor is not able to provide the notice within 48 hours, it shall provide the Data Controller with an explanation for the delay that it will be allowed to share with regulators. The Data Processor shall at all times have in place written incident response procedures. Any notifications made to the Data Controller pursuant to this clause 11.2 shall be addressed to the employee of the Data Controller whose contact details are provided in clause 14.4 of this DPTA, and shall contain:
Information Obligations and Incident Management. When the Processor becomes aware of an incident that has a material impact on the Processing of the Personal Data that is the subject of the Agreements, it shall promptly notify the Controller about the incident, shall at all times cooperate with the Controller, and shall follow the Controller’s instructions with regard to such incidents, in order to enable the Controller to perform a thorough investigation into the incident, to formulate a correct response, and to take suitable further steps in respect of the incident. When the Processor becomes aware of a “breach incident” that has a material impact on the Processing of the Personal Data that is the subject of the Agreements, it shall implement the agreed breach exploration process outlined in process 0000 of Annex 2.
