Common use of Data Breach Notification Clause in Contracts

Data Breach Notification. a. Save where the Supplier is legally prohibited from notifying the Company, the Supplier shall notify the Company without undue delay and in any case within twenty-four (24) hours after becoming aware of any actual or suspected Personal Data Breach. Such notification shall: i. Describe as far as is known to the Processor, the nature of the Personal Data Breach including where possible, the categories and approximate number of Data Subjects affected and the categories and approximate number of Personal Data records concerned; ii. Communicate the name and contact details of the data protection officer or other point of contact where further information, if any, can be obtained; iii. Describe the likely consequences of the Personal Data Breach; iv. Describe the measures taken or proposed to be taken by the Processor to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects. b. The Supplier acknowledges and understands that the Controller may be obligated to notify the relevant Regulators (within seventy-two (72) hours of having become aware of the Personal Data Breach) and may also be obligated to notify affected Data Subjects. The Processor shall provide all necessary assistance and relevant information reasonably requested by the other Party, in order to allow the Company to properly assess, investigate, mitigate and remedy the Personal Data Breach and to meet its respective obligations under Applicable Laws. Once the Supplier has notified the Company of any Personal Data Breach, the Supplier shall use its reasonable endeavours to not notify the relevant Regulators or the affected Data Subjects without obtaining the Company's prior approval. On request for approval, the Company shall not unreasonably delay or withhold approval where the Supplier is required under Applicable Law to notify a relevant Regulator of the Personal Data Breach.

Data Breach Notification. a. Save where the Supplier is legally prohibited from notifying the Company, the Supplier shall notify the Company without undue delay and in any case within twenty-four (24) hours after becoming aware of any actual or suspected Personal Data Breach. Such notification shall: i. Describe as far as is known to the Processor, the nature of the Personal Data Breach including where possible, the categories and approximate number of Data Subjects affected and the categories and approximate number of Personal Data records concerned; ii. Communicate the name and contact details of the data protection officer or other point of contact where further information, if any, can be obtained; iii. Describe the likely consequences of the Personal Data Breach; iv. Describe the measures taken or proposed to be taken by the Processor to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects. b. The Supplier acknowledges and understands that the Controller may be obligated to notify the relevant Regulators (within seventy-two (72) hours of having become aware of the Personal Data Breach) and may also be obligated to notify affected Data Subjects. The Processor shall provide all necessary assistance and relevant information reasonably requested by the other Party, in order to allow the Company to properly assess, investigate, mitigate and remedy the Personal Data Breach and to meet meets its respective obligations under Applicable Laws. Once the Supplier has notified the Company of any Personal Data Breach, the Supplier shall use its reasonable endeavours to not notify the relevant Regulators or the affected Data Subjects without obtaining the Company's prior approval. On request for approval, the Company shall not unreasonably delay or withhold approval where the Supplier is required under Applicable Law to notify a relevant Regulator of the Personal Data Breach.

Data Breach Notification. a. Save where the Supplier is legally prohibited from notifying the Company, the Supplier shall notify the Company without undue delay and in any case within twenty-four (24) hours after becoming aware of any actual or suspected Personal Data Breach. Such notification shall: i. Describe as far as is known to the Processor, the nature of the Personal Data Breach including where possible, the categories and approximate number of Data Subjects affected and the categories and approximate number of Personal Data records concerned; ii. Communicate the name and contact details of the data protection officer or other point of contact where further information, if any, can be obtained; iii. Describe the likely consequences of the Personal Data Breach;; 20 Version: 1.00 iv. Describe the measures taken or proposed to be taken by the Processor to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects. b. The Supplier acknowledges and understands that the Controller may be obligated to notify the relevant Regulators (within seventy-two (72) hours of having become aware of the Personal Data Breach) and may also be obligated to notify affected Data Subjects. The Processor shall provide all necessary assistance and relevant information reasonably requested by the other Party, in order to allow the Company to properly assess, investigate, mitigate and remedy the Personal Data Breach and to meet meets its respective obligations under Applicable Laws. Once the Supplier has notified the Company of any Personal Data Breach, the Supplier shall use its reasonable endeavours to not notify the relevant Regulators or the affected Data Subjects without obtaining the Company's prior approval. On request for approval, the Company shall not unreasonably delay or withhold approval where the Supplier is required under Applicable Law to notify a relevant Regulator of the Personal Data Breach.

Data Breach Notification. a. Save where A. The Service Provider shall immediately inform the Supplier is legally prohibited from notifying Controller in writing of any Personal Data Breach of which the CompanyService Provider becomes aware, the Supplier shall notify the Company without undue delay and but in any no case within twenty-four longer than seventy two (2472) hours after becoming it becomes aware of any actual or suspected the Personal Data Breach. Such The notification shallto the Controller shall include all available information regarding such Personal Data Breach, including information on: i. Describe as far as is known to the Processor, the a. The nature of the Personal Data Breach including where possible, the categories and approximate number of affected Data Subjects affected and the categories and approximate number of affected Personal Data records concernedrecords; ii. Communicate the name and contact details of the data protection officer or other point of contact where further information, if any, can be obtained; iii. Describe the b. The likely consequences of the Personal Data Breach;; and iv. Describe the c. The measures taken or proposed to be taken by the Processor to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects. b. effects. The Supplier acknowledges Service Provider shall promptly take all necessary and understands that advisable corrective actions, and shall cooperate fully with the Controller may be obligated in all reasonable and lawful efforts to prevent, mitigate or rectify such Breach. The Service Provider shall provide such assistance as required to enable the Controller to satisfy the Controller’s obligation to notify the relevant Regulators (within seventy-two (72) hours supervisory authority and Data Subjects of having become aware a personal data breach under Articles 33 and 34 of the GDPR. The content of any filings, communications, notices, press releases or reports on any Personal Data Breach) and may also Breach must be obligated approved by the Controller prior to notify affected Data Subjectsany publication or communication thereof. The Processor Service Provider shall provide all necessary assistance be responsible for the costs and relevant information reasonably requested by expenses associated with the other Partyperformance of its obligations described in this paragraph, in order to allow the Company to properly assess, investigate, mitigate and remedy unless the Personal Data Breach and to meet is caused by the acts or omissions of the Controller or its respective obligations under Applicable Laws. Once affiliates. B. In the Supplier has notified the Company event of any a Personal Data BreachBreach involving Personal Data in the Service Provider’s possession,custody or controller for which the Service Provider is otherwise responsible, the Supplier Service Provider shall use its reasonable endeavours to not notify reimburse the relevant Regulators Controller on demand for all commerciallyreasonable Notification Related Costsincurred by the Controller arising out of or the affected Data Subjects without obtaining the Company's prior approval. On request for approval, the Company shall not unreasonably delay or withhold approval where the Supplier is required under Applicable Law to notify a relevant Regulator of the in connection with any such Personal Data Breach.