DATA SECURITY BREACHES AND REPORTING PROCEDURES. Having considered the applicable Data Protection Legislation, the Parties confirm they have in place their own guidance that must be followed in the event of a Data Security Breach. Parties are under a strict obligation to notify any potential or actual losses of the Shared Personal Data or any breach of security which may compromise the security of the Shared Personal Data to the other Party’s SPoC as soon as possible and, in any event, within 24 hours of identification of any potential or actual loss to enable the Parties to consider what action is required in order to resolve the issue in accordance with the applicable Data Protection Legislation. The Parties agree to provide reasonable assistance as is necessary to each other to facilitate the handling of any Data Security Breach in an expeditious and compliant manner. Notification of security breaches, as per Condition 11.2, should be made to each Party’s relevant Information Security/Information Governance team identified in the Agreement.
Appears in 2 contracts
Sources: General Terms and Conditions for Controller to Controller Sharing, Controller to Controller Data Sharing Agreement