Common use of Notification of personal data breach Clause in Contracts

Notification of personal data breach. 1. In case of a personal data breach, the Data Processor must, without undue delay after having become aware of it, notify the Data Controller of the personal data breach. 2. The Data Processor’s notification to the Data Controller should, if possible, take place within 48 hours after the Data Processor has become aware of the personal data breach to enable the Data Controller to comply with the Data Controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33 of the GDPR. 3. In accordance with Term 9(2)(a), the Data Processor must assist the Data Controller in notifying the personal data breach to the competent supervisory authority, meaning that the Data Processor is required to assist in obtaining the information listed below which, pursuant to Article 33(3) of the GDPR, must be stated in the Data Controller’s notification to the competent supervisory authority: a. The nature of the personal data including where possible, the categories and approximate number of Data Subjects concerned and the categories and approximate number of personal data records concerned; b. the likely consequences of the personal data breach; c. the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. 4. All the elements to be provided by the Data Processor when assisting the Data Controller in the noti- fication of a personal data breach to the competent supervisory authority are specified in Appendix D.

Notification of personal data breach. 19.1. In case of a any personal data breach, the Data Processor mustdata processor shall, without undue delay after having become aware of it, notify the Data Controller data controller of the personal data breach. 29.2. The Data Processordata processor’s notification to the Data Controller shoulddata controller shall, if possible, take place within 48 hours 24 HOURS after the Data Processor data processor has become aware of the personal data breach to enable the Data Controller data controller to comply with the Data Controllerdata controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33 of in the GDPR. 39.3. In accordance with Term Clause 9(2)(a), the Data Processor must data processor shall assist the Data Controller data controller in notifying the personal data breach to the competent supervisory authority, meaning that the Data Processor data processor is required to assist in obtaining the information listed below which, pursuant to Article 33(3) of in the GDPR, must shall be stated in the Data Controllerdata controller’s notification to the competent supervisory authority: a. The nature of the personal data including where possible, the categories and approximate number of Data Subjects data subjects concerned and the categories and approximate number of personal data records concerned; b. the likely consequences of the personal data breach; c. the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. 49.4. All The parties shall define in Appendix C all the elements to be provided by the Data Processor data processor when assisting the Data Controller data controller in the noti- fication notification of a personal data breach to the competent supervisory authority are specified in Appendix D.authority.

Notification of personal data breach. 1. In case of a personal data breach, the Data Processor must, without undue delay after having become aware of it, notify the Data Controller of the personal data breach. 2. The Data Processor’s notification to the Data Controller should, if possible, take place within 48 hours after the Data Processor has become aware of the personal data breach to enable the Data Controller to comply with the Data Controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33 of the GDPR. 3. In accordance with Term 9(2)(a), the Data Processor must assist the Data Controller in notifying the personal data breach to the competent supervisory authority, meaning that the Data Processor Proces- sor is required to assist in obtaining the information listed below which, pursuant to Article 33(3) of the GDPR, must be stated in the Data Controller’s notification to the competent supervisory authority: a. The nature of the personal data including where possible, the categories and approximate approxi- mate number of Data Subjects concerned and the categories and approximate number of personal data records concerned; b. the likely consequences of the personal data breach; c. the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effectsef- fects. 4. All the elements to be provided by the Data Processor when assisting the Data Controller in the noti- fication notification of a personal data breach to the competent supervisory authority are is specified in Appendix Ap- pendix D.

Notification of personal data breach. 1. In case of a personal data breach, the Data Processor must, without undue delay after having become aware of it, notify the Data Controller of the personal data breach. 2. The Data Processor’s notification to the Data Controller should, if possible, take place within 48 hours after the Data Processor has become aware of the personal data breach to enable the Data Controller to comply with the Data Controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33 of the GDPR. 3. In accordance with Term Clause 9(2)(a), the Data Processor must assist the Data Controller in notifying the personal data breach to the competent supervisory authority, meaning that the Data Processor Proces- sor is required to assist in obtaining the information listed below which, pursuant to Article 33(3) of the GDPR, must be stated in the Data Controller’s notification to the competent supervisory authority: a. The nature of the personal data including where possible, the categories and approximate approxi- mate number of Data Subjects concerned and the categories and approximate number of personal data records concerned; b. the likely consequences of the personal data breach; c. the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effectsef- fects. 4. All the elements to be provided by the Data Processor when assisting the Data Controller in the noti- fication notification of a personal data breach to the competent supervisory authority are is specified in Appendix Ap- pendix D.

Notification of personal data breach. 1. In case of a any personal data breach, the Data Processor mustdata processor shall, without undue delay after having become aware of it, notify the Data Controller data controller of the personal data breach. 2. The Data Processordata processor’s notification to the Data Controller shoulddata controller shall, if possible, take place within 48 hours after the Data Processor data processor has become aware of the personal data breach to enable the Data Controller data controller to comply with the Data Controllerdata controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33 of the GDPR. 3. In accordance with Term Clause 9(2)(a), the Data Processor must data processor shall assist the Data Controller data controller in notifying the personal data breach to the competent supervisory authority, meaning that the Data Processor data proces- sor is required to assist in obtaining the information listed below which, pursuant to Article 33(3) of the GDPR33(3)GDPR, must shall be stated in the Data Controllerdata controller’s notification to the competent supervisory authorityau- thority: a. The nature of the personal data including where possible, the categories and approximate approxi- mate number of Data Subjects data subjects concerned and the categories and approximate number of personal data records concerned; b. the likely consequences of the personal data breach; c. the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effectsef- fects. 4. All The parties shall define in Appendix D all the elements to be provided by the Data Processor data processor when assisting the Data Controller data controller in the noti- fication notification of a personal data breach to the competent supervisory authority are specified in Appendix D.super- visory authority.

Notification of personal data breach. ‌ 1. In case of a personal data breach, the Data Processor must, without undue delay after having become aware of it, notify the Data Controller of the personal data breach. 2. The Data Processor’s notification to the Data Controller should, if possible, take place within 48 hours after the Data Processor has become aware of the personal data breach to enable the Data Controller to comply with the Data Controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33 of the GDPR. 3. In accordance with Term Clause 9(2)(a), the Data Processor must assist the Data Controller in notifying the personal data breach to the competent supervisory authority, meaning that the Data Processor is required to assist in obtaining the information listed below which, pursuant to Article 33(3) of the GDPR, must be stated in the Data Controller’s notification to the competent supervisory authority: a. The nature of the personal data including where possible, the categories and approximate number of Data Subjects concerned and the categories and approximate number of personal data records concerned; b. the likely consequences of the personal data breach; c. the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. 4. All the elements to be provided by the Data Processor when assisting the Data Controller in the noti- fication notification of a personal data breach to the competent supervisory authority are is specified in Appendix D.

Notification of personal data breach. 1. In case of a any personal data breach, the Data Processor mustdata processor shall, without undue delay after having become aware of it, notify the Data Controller data controller of the personal data breach. 2. The Data Processordata processor’s notification to the Data Controller shoulddata controller shall, if possible, take place within 48 24 hours after the Data Processor data processor has become aware of the personal data breach breach, to enable the Data Controller data controller to comply with the Data Controllerdata controller’s obligation to notify report the personal data breach to the competent supervisory authority, cf. authority pursuant to Article 33 of the GDPR. 3. In accordance with Term clause 9(2)(a), the Data Processor must data processor shall assist the Data Controller data controller in notifying reporting the personal data breach to the competent supervisory authority, meaning that the Data Processor data processor is required to assist in obtaining the information listed below which, pursuant to Article 33(3) of the GDPR, must shall be stated in the Data Controllerdata controller’s notification report of the breach to the competent supervisory authority: a. The nature of the personal data including breach including, where possible, the categories cate- gories and approximate number of Data Subjects data subjects concerned and the categories catego- xxxx and approximate number of personal data records concerned; b. the likely consequences of the personal data breach; c. the measures taken or proposed to be taken by the data controller to address the personal data breach, breach including, where appropriate, measures to mitigate its possible adverse effects. 4. All The parties shall define in Appendix C all the elements to be provided by the Data Processor data processor when assisting the Data Controller data controller in the noti- fication reporting of a personal data breach to the competent supervisory authority are specified in Appendix D.authority.

Notification of personal data breach. 1. In case of a personal data breach, the Data Processor must, without undue delay after having become aware of it, notify the Data Controller of the personal data breach. 2. The Data Processor’s notification to the Data Controller should, if possible, take place within 48 hours after the Data Processor has become aware of the personal data breach to enable the Data Controller to comply with the Data Controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33 of the GDPR. 3. In accordance with Term 9(2)(a), the Data Processor must assist the Data Controller in notifying the personal data breach to the competent supervisory authority, meaning that the Data Processor Proces- sor is required to assist in obtaining the information listed below which, pursuant to Article 33(3) of the GDPR, must be stated in the Data Controller’s notification to the competent supervisory authority: a. The nature of the personal data including where possible, the categories and approximate approxi- mate number of Data Subjects concerned and the categories and approximate number of personal data records concerned; b. the likely consequences of the personal data breach; c. the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effectsef- fects. 4. All the elements to be provided by the Data Processor when assisting the Data Controller in the noti- fication notification of a personal data breach to the competent supervisory authority are specified in Appendix Ap- pendix D.