Where one Party is Controller and the other Party its Processor. 14.9.1 Where a Party is a Processor, the only processing that the Processor is authorised to do is listed in Part A Authorised Processing Template of Annex 1 – Processing Personal Data by the Controller and may not be determined by the Processor. The term “processing” and any associated terms are to be read in accordance with Article 4 of the UK GDPR and EU GDPR (as applicable).
Where one Party is Controller and the other Party its Processor. Where a Party is a Processor, the only processing that it is authorised to do is listed in Annex 1 (Processing Personal Data) by the Controller. The Processor shall notify the Controller immediately if it considers that any of the Controller’s instructions infringe the Data Protection Legislation. The Processor shall provide all reasonable assistance to the Controller in the preparation of any Data Protection Impact Assessment prior to commencing any Processing. Such assistance may, at the discretion of the Controller, include: a systematic description of the envisaged Processing and the purpose of the Processing; an assessment of the necessity and proportionality of the Processing in relation to the Solution; an assessment of the risks to the rights and freedoms of Data Subjects; and the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data. The Processor shall, in relation to any Personal Data Processed in connection with its obligations under this Agreementt: Process that Personal Data only in accordance with Annex 1 (Processing Personal Data), unless the Processor is required to do otherwise by Law. If it is so required, the Processor shall promptly notify the Controller before Processing the Personal Data unless prohibited by Law; ensure that it has in place appropriate technical and organisational measures which the Controller may reasonably reject (but failure to reject shall not amount to approval by the Controller of the adequacy of the technical and organisational measures) having taken account of the: nature of the data to be protected; harm that might result from a Data Breach; state of technological development; and cost of implementing any measures; ensure that: the Processor Personnel do not Process Personal Data except in accordance with this Agreement (and in particular Annex 1 (Processing Personal Data)); it takes all reasonable steps to ensure the reliability and integrity of any Processor Personnel who have access to the Personal Data and ensure that they are: are aware of and comply with the Processor’s duties under this Fourth Schedule and Clause 24 (Confidential Information); are subject to appropriate confidentiality undertakings with the Processor or any Sub-processor; are informed of the confidential nature of the Personal Data and do not publish, disclose or divulge any of the Personal Data to any third party unless directed in writing to do so by...
Where one Party is Controller and the other Party its Processor. 2. Where a Party is a Processor, the only Processing that it is authorised to do is listed in Annex 1 (Processing Personal Data) by the Controller.
