Notification of Security Incidents. The Institution and the Principal Investigator agrees to notify SPONSOR European Data Protection Officer at …… within thirty-six (36) hours of the discovery of a Security Incident. In the course of notification the Institution and Principal Investigator will provide, as feasible, sufficient information for the Parties to jointly assess the Security Incident and make any required notification to any Regulatory Authority within the timeline required by Applicable Law. Such information may include, but is not necessarily limited to: The nature of the Security Incident, the categories and approximate number of data subjects and Personal Data records; The likely consequences of the Security Incident, in so far as consequences are able to be determined; and Any measures taken to address or mitigate the incident. The Sponsor will decide on the basis of all available information and applicable Law if the Security Incident will be considered a Data Security Breach and arrange for notification to data subjects and/or Regulatory Authorities if required by law. Where Sponsor decides that notification is required by law, Sponsor shall be responsible for providing such notification.
Appears in 11 contracts
Samples: Clinical Trial Agreement, Clinical Trial Agreement, Clinical Trial Agreement
