Common use of Protection of Data Clause in Contracts

Protection of Data. 1.1 It is understood by each Authority that there is a great deal of data, much of it sensitive, processed by the adoption teams in each Authority area. As a result of the collaborative working it is likely that, at times, Personal Data may be transferred between Authorities for the benefit of the Project. 1.2 This Schedule aims to clarify each Authorities duty when receiving Personal Data from another Authority. 1.3 With respect to the Authorities rights and obligations under this Agreement, the Authorities agree that each Authority is the Data Controller in respect of the work undertaken in that area relating to the Integrated Service. And that if such Data is passed to another Authority that Authority will be regarded as the Data Processor. 1.4 Each Authority that acts as Processor shall: (a) Process the Personal Data only in accordance with instructions from the Data Controller; (b) Process the Personal Data only to the extent, and in such manner, as is necessary for the provision of the Project or as is required by law or any regulatory body; (c) implement appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure; (d) obtain prior written consent from the Authority in order to transfer the Personal Data to any affiliates for the provision of the Project; (e) ensure that all Employees required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Schedule; (f) ensure that none of the Employees publish, disclose or divulge any of the Personal Data to any third party unless directed in writing to do so by the Data Controller; (g) notify the Data Controller (within five Working Days), if it receives: (i) a request from a Data Subject to have access to that person's Personal Data; or (ii) a complaint or request relating to the Authority's obligations under the Data Protection Legislation; (iii) provide the Authority with full co-operation and assistance in relation to any complaint or request made, including by: (iv) providing the Authority with full details of the complaint or request; (v) providing the Authority with any Personal Data it holds in relation to a Data Subject (within the timescales required by the Authority); and (vi) providing the Authority with any information requested by the Authority. 1.5 Each Authority shall comply at all times with the Data Protection Legislation and shall not perform its obligations under this agreement in such a way as to cause any other Authority to breach any of its applicable obligations under the Data Protection Legislation. 1.6 Each Authority agrees that if a data subject access request is received then the Authority which is deemed to be Data Controller shall be responsible for all expenses relating to such request.

Protection of Data. 1.1 It is understood by each Authority that there is a great deal of data, much of it sensitive, processed by the adoption teams in each Authority area. As a result of the collaborative working it is likely that, at times, Personal Data may be transferred between Authorities for the benefit of the ProjectIntegrated Service. 1.2 This Schedule aims to clarify each Authorities duty when receiving Personal Data from another Authority. 1.3 With respect to the Authorities rights and obligations under this Agreement, the Authorities agree that each Authority is the Data Controller in respect of the work undertaken in that area relating to the Integrated Service. And that if such Data is passed to another Authority that Authority will be regarded as the Data Processor. 1.4 Each Authority that acts as Processor shall: (a) Process the Personal Data only in accordance with instructions from the Data Controller; (b) Process the Personal Data only to the extent, and in such manner, as is necessary for the provision of the Project or Integrated Serviceor as is required by law or any regulatory body; (c) implement appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure; (d) obtain prior written consent from the Authority in order to transfer the Personal Data to any affiliates for the provision of the ProjectIntegrated Service; (e) ensure that all Employees required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Schedule; (f) ensure that none of the Employees publish, disclose or divulge any of the Personal Data to any third party unless directed in writing to do so by the Data Controller; (g) notify the Data Controller (within five Working Days), if it receives: (i) a request from a Data Subject to have access to that person's Personal Data; or (ii) a complaint or request relating to the Authority's obligations under the Data Protection Legislation; ; In relation to (iiig) (i) the Data Processor shall provide the Authority Data Controller with and personal data it holds in relation to a Data Subject (within timescales required by the Data Processor). In relation to (g) (ii) the Data Processor shall provide the Data Controller with full co-operation and assistance in relation to any complaint or request made, including by: (iv) providing the Authority with full details of the complaint or request; (v) providing the Authority with any Personal Data it holds in relation to a Data Subject (within the timescales required by the Authority); and (vi) providing the Authority with any information requested by the Authority. 1.5 Each Authority shall comply at all times with the Data Protection Legislation and shall not perform its obligations under this agreement in such a way as to cause any other Authority to breach any of its applicable obligations under the Data Protection Legislation. 1.6 Each Authority agrees that if a data subject access request is received then the Authority which is deemed to be Data Controller shall be responsible for all expenses relating to such request.

Protection of Data. 1.1 It is understood by each Authority that there is a great deal of data, much of it sensitive, processed by the adoption teams in each Authority area. As a result of the collaborative working it is likely that, at times, Personal Data may be transferred between Authorities for the benefit of the Project. 1.2 This Schedule aims to clarify each Authorities Party’s duty when receiving Personal Data from another Authoritythe other Party. 1.3 With respect to the Authorities Parties rights and obligations under this Agreement, the Authorities Parties agree that each Authority Party is the Data Controller in respect of the work undertaken in that area relating to delivering the Integrated Service. And Services and that if such Data is passed to another Authority the other Party that Authority Party will be regarded as the Data Processor. 1.4 Each Authority Party that acts as Processor shall: (a) Process process the Personal Data only in accordance with instructions from the Data Controller; (b) Process process the Personal Data only to the extent, and in such manner, as is necessary for the provision of the Project Service or as is required by law or any regulatory body; (c) implement Implement appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure; (d) obtain prior written consent from the Authority Party in order to transfer the Personal Data to any affiliates for the provision of the ProjectService; (e) ensure that all Employees required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Schedule; (f) ensure that none of the Employees publish, disclose or divulge any of the Personal Data to any third party unless directed in writing to do so by the Data Controller; (g) notify the Data Controller (within five Working Days), if it receives: (i) a request from a Data Subject to have access to that person's Personal Data; or (ii) a complaint or request relating to the AuthorityParty's obligations under the Data Protection Legislation; ; In relation to (iiig) (i) the Data Processor shall provide the Authority Data Controller with the personal data it holds in relation to a Data Subject (within timescales required by the Data Processor). In relation to (g) (ii) the Data Processor shall provide the Data Controller with full co-operation and assistance in relation to any complaint or request made, including by: (iv) providing the Authority with full details of the complaint or request; (v) providing the Authority with any Personal Data it holds in relation to a Data Subject (within the timescales required by the Authority); and (vi) providing the Authority with any information requested by the Authority. 1.5 Each Authority Party shall comply at all times with the Data Protection Legislation and shall not perform its obligations under this agreement Agreement in such a way as to cause any the other Authority Party to breach any of its applicable obligations under the Data Protection Legislation. 1.6 Each Authority Party agrees that if a data subject access request is received then the Authority Party which is deemed to be Data Controller shall be responsible for all expenses relating to such request.

Protection of Data. 1.1 It is understood by each Authority that there is a great deal of data, much of it sensitive, processed by the adoption teams in each Authority area. As a result of the collaborative working it is likely that, at times, Personal Data may be transferred between Authorities for the benefit of the ProjectIntegrated Service. 1.2 This Schedule aims to clarify each Authorities duty when receiving Personal Data from another Authority. 1.3 With respect to the Authorities rights and obligations under this Agreement, the Authorities agree that each Authority is the Data Controller in respect of the work undertaken in that area relating to the Integrated Service. And that if such Data is passed to another Authority that Authority will be regarded as the Data Processor. 1.4 Each Authority that acts as Processor shall: (a) Process the Personal Data only in accordance with instructions from the Data Controller; (b) Process the Personal Data only to the extent, and in such manner, as is necessary for the provision of the Project or Integrated Serviceor as is required by law or any regulatory body; (c) implement appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure; (d) obtain prior written consent from the Authority in order to transfer the Personal Data to any affiliates for the provision of the ProjectIntegrated Service; (e) ensure that all Employees required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Schedule; (f) ensure that none of the Employees publish, disclose or divulge any of the Personal Data to any third party unless directed in writing to do so by the Data Controller; (g) notify the Data Controller (within five Working Days), if it receives: (i) a request from a Data Subject to have access to that person's Personal Data; or (ii) a complaint or request relating to the Authority's obligations under the Data Protection Legislation; ; In relation to (iiig) (i) the Data Processor shall provide the Authority Data Controller with and personal data it holds in relation to a Data Subject (within timescales required by the Data Processor). In relation to (g) (ii) the Data Processor shall provide the Data Controller with full co-operation operaton and assistance in relation to any complaint or request made, including by: (iv) providing the Authority with full details of the complaint or request; (v) providing the Authority with any Personal Data it holds in relation to a Data Subject (within the timescales required by the Authority); and (vi) providing the Authority with any information requested by the Authority. 1.5 Each Authority shall comply at all times with the Data Protection Legislation and shall not perform its obligations under this agreement in such a way as to cause any other Authority to breach any of its applicable obligations under the Data Protection Legislation. 1.6 Each Authority agrees that if a data subject access request is received then the Authority which is deemed to be Data Controller shall be responsible for all expenses relating to such request.

Protection of Data. 1.1 It is understood by each Authority that there is a great deal of data, much of it sensitive, processed by the adoption teams in each Authority area. As a result of the collaborative working it is likely that, at times, Personal Data may be transferred between Authorities for the benefit of the TraCC Project. 1.2 This Schedule aims to clarify each Authorities Authority’s duty when receiving Personal Data from another Authority. 1.3 With respect to the Authorities Authorities’ rights and obligations under this Agreement, the Authorities agree that each Authority is the Data Controller in respect of the work undertaken in that area relating to the Integrated ServiceTraCC Project. And that if such Data is passed to another Authority that Authority will be regarded as the Data Processor. 1.4 Each Authority that acts as Processor shall: (a) Process process the Personal Data only in accordance with instructions from the Data Controller; (b) Process process the Personal Data only to the extent, and in such manner, as is necessary for the provision of the TraCC Project or as is required by law or any regulatory body; (c) implement appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure; (d) obtain prior written consent from the Authority in order to transfer the Personal Data to any affiliates for the provision of the TraCC Project; (e) ensure that all Employees required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Schedule; (f) ensure that none of the Employees publish, disclose or divulge any of the Personal Data to any third party unless directed in writing to do so by the Data Controller; (g) notify the Data Controller (within five Working Days), if it receives: (i) a request from a Data Subject to have access to that person's Personal Data; or (ii) a complaint or request relating to the Authority's obligations under the Data Protection Legislation; (iii) provide the Authority with full co-operation and assistance in relation to any complaint or request made, including by: (iv) providing the Authority with full details of the complaint or request; (v) providing the Authority with any Personal Data it holds in relation to a Data Subject (within the timescales required by the Authority); and (vi) providing the Authority with any information requested by the Authority. 1.5 Each Authority shall comply at all times with the Data Protection Legislation and shall not perform its obligations under this agreement in such a way as to cause any other Authority to breach any of its applicable obligations under the Data Protection Legislation. 1.6 Each Authority agrees that if a data subject access request is received then the Authority which is deemed to be Data Controller shall be responsible for all expenses relating to such request.

Protection of Data. 1.1 It is understood by each Authority that there is a great deal of data, much of it sensitive, processed by the adoption teams in each Authority area. As a result of the collaborative working working, it is likely that, at timestime, Personal Data may be transferred between Authorities for the benefit of the Project. 1.2 This Schedule aims to clarify each Authorities Authority’s duty when receiving Personal Data from another Authority. 1.3 With respect to the Authorities Authorities’ rights and obligations under this Agreement, the then Authorities agree that each any Partner Authority determining the purpose and manner in which personal data is the Data Controller in respect of the work undertaken in that area relating to the Integrated Service. And that if such Data is passed to another Authority that Authority processed will be regarded as a data controller, and further, if any Partner Authority processes personal data on behalf on another, the Data Processordata processing obligation set out at 1.4 below shall apply. 1.4 Each Authority that acts as Processor shall: (a) Process the Personal Data only in accordance with the instructions from the Data Controller; (b) Process the Personal Data only to the extent, and in such manner, as is necessary for the provision of the Project or and as is required by law or any regulatory body; (c) implement Implement appropriate technical and organisational measures to protect the Personal Data against unauthorised unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration alternation or disclosure; (d) obtain Obtain prior written consent from the Authority in order to transfer the Personal Data to any affiliates for the provision of the Project; (e) ensure Ensure that all Employees required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Schedule; (f) ensure Ensure that none of the Employees publish, disclose or divulge any of the Personal Data to any third party partner unless directed in writing to do so by the Data Controller; (g) notify Notify the Data Controller (within five Working Daysworking days), if it receives: (i) a A request from a Data Subject to have access to that person's ’s Personal Data; or (ii) a A complaint or request relating relation to the Authority's ’s obligations under the Data Protection Legislation; (iii) provide Provide the Authority with full co-operation and assistance in relation to any complaint or request made, including by:; (iv) providing Providing the Authority with full details of the complaint or request; (v) providing Providing the Authority with any an Personal Data it holds in relation to a Data Subject (within the timescales required by the Authority); and (vi) providing Providing the Authority with any information requested by the Authority. 1.5 Each Authority shall comply at all times with the Data Protection Legislation and shall not perform its obligations under this agreement Agreement in such a way as to cause any other Authority to breach any of its applicable obligations under the Data Protection Legislation. 1.6 Each Authority agrees that if a data subject access request is received then the Authority which is deemed to be the Data Controller shall be responsible for all expenses relating to such request.

Protection of Data. 1.1 It is understood by each Authority that there is a great deal of data, much of it sensitive, processed by the adoption teams in each Authority area. As a result of the collaborative working it is likely that, at times, Personal Data may be transferred between Authorities for the benefit of the Project. 1.2 This Schedule aims to clarify each Authorities Authority’s duty when receiving Personal Data from another Authority. 1.3 With respect to the Authorities Authorities’ rights and obligations under this Agreement, the then Authorities agree that each any Partner Authority determining the purpose and manner in which personal data is the Data Controller in respect of the work undertaken in that area relating to the Integrated Service. And that if such Data is passed to another Authority that Authority processed will be regarded as a data controller, and further, if any Partner Authority processes personal data on behalf of another, the Data Processordata processing obligation set out at 1.4 below shall apply. 1.4 Each Authority that acts as Processor shall: (a) Process the Personal Data only in accordance with the instructions from the Data Controller; (b) Process the Personal Data only to the extent, and in such manner, as is necessary for the provision of the Project or as is required by law or any regulatory body; (c) implement Implement appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration alternation or disclosure; (d) obtain Obtain prior written consent from form the Authority in order to transfer the Personal Data to any affiliates for the provision of the Project; (e) ensure Ensure that all Employees required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Schedule; (f) ensure Ensure that none of the Employees publish, disclose or divulge any of the Personal Data to any third party partner unless directed in writing to do so by the Data Controller; (g) notify Notify the Data Controller (within five Working Days), if it receives: (i) a request from a Data Subject to have access to that person's ’s Personal Data; or (ii) a complaint or request relating relation to the Authority's ’s obligations under the Data Protection Legislation; (iii) provide the Authority with full co-operation and assistance in relation to any complaint or request made, including by:; (iv) providing the Authority with full details of the complaint or request; (v) providing the Authority with any Personal Data it holds in relation to a Data Subject (within the timescales required by the Authority); and (vi) providing the Authority with any information requested by the Authority. 1.5 Each Authority shall comply at all times with the Data Protection Legislation and shall not perform its obligations under this agreement Agreement in such a way as to cause any other Authority to breach any of its applicable obligations under the Data Protection Legislation. 1.6 Each Authority agrees that if a data subject access request is received then the Authority which is deemed to be Data Controller shall be responsible for all expenses relating to such request.