Common use of ICO Guidance Clause in Contracts

ICO Guidance. The Parties agree to take account of any guidance issued by the Information Commissioner and/or any relevant Central Government Body. DfE may on not less than thirty (30) Working Days’ notice to the Contractor amend this Framework Agreement to ensure that it complies with any guidance issued by the Information Commissioner and/or any relevant Central Government Body. Liabilities for Data Protection Breach If financial penalties are imposed by the Information Commissioner on either DfE or the Contractor for a Personal Data Breach ("Financial Penalties") then the following shall occur: If in the view of the Information Commissioner, DfE is responsible for the Personal Data Breach, in that it is caused as a result of the actions or inaction of DfE, its employees, agents, contractors (other than the Contractor) or systems and procedures controlled by DfE, then DfE shall be responsible for the payment of such Financial Penalties. In this case, DfE will conduct an internal audit and engage at its reasonable cost when necessary, an independent third party to conduct an audit of any such data incident. The Contractor shall provide to DfE and its third party investigators and auditors, on request and at the Contractor's reasonable cost, full cooperation and access to conduct a thorough audit of such data incident; If in the view of the Information Commissioner, the Contractor is responsible for the Personal Data Breach, in that it is not a breach that DfE is responsible for, then the Contractor shall be responsible for the payment of these Financial Penalties. The Contractor will provide to DfE and its auditors, on request and at the Contractor’s sole cost, full cooperation and access to conduct a thorough audit of such data incident. If no view as to responsibility is expressed by the Information Commissioner, then the Contractor and DfE shall work together to investigate the relevant data incident and allocate responsibility for any Financial Penalties as outlined above, or by agreement to split any financial penalties equally if no responsibility for the Personal Data Breach can be apportioned. In the event that the Parties do not agree such apportionment then such Dispute shall be referred to the dispute resolution procedure set out with clause 42 of the Framework Agreement (Dispute Resolution). If either DfE or the Contractor is the defendant in a legal claim brought before a court of competent jurisdiction (“Court”) by a third party in respect of a Personal Data Breach, then unless the Parties otherwise agree, the Party that is determined by the final decision of the court to be responsible for the Personal Data Breach shall be liable for the losses arising from such breach. Where both Parties are liable, the liability will be apportioned between the Parties in accordance with the decision of the Court. In respect of any losses, cost claims or expenses incurred by either Party as a result of a Personal Data Breach (the “Claim Losses”): if DfE is responsible for the relevant breach, then DfE shall be responsible for the Claim Losses; if the Contractor is responsible for the relevant breach, then the Contractor shall be responsible for the Claim Losses: and if responsibility is unclear, then DfE and the Contractor shall be responsible for the Claim Losses equally. Nothing in paragraphs 7.2 and 7.2 shall preclude DfE and the Contractor reaching any other agreement, including by way of compromise with a third party complainant or claimant, as to the apportionment of financial responsibility for any Claim Losses as a result of a Personal Data Breach, having regard to all the circumstances of the breach and the legal and financial obligations of DfE.

ICO Guidance. The Parties agree to take account of any non-mandatory guidance issued by the Information Commissioner and/or Commissioner, any relevant Central Government BodyBody and/or any other regulatory authority. DfE The Buyer may on not less than thirty (30) Working Days’ notice to the Contractor Supplier amend this the Framework Agreement to ensure that it complies with any guidance issued by the Information Commissioner and/or Commissioner, any relevant Central Government BodyBody and/or any other regulatory authority. Liabilities for Data Protection Breach [Guidance: This clause represents a risk share, you may wish to reconsider the apportionment of liability and whether recoverability of losses are likely to be hindered by the contractual limitation of liability provisions] If financial penalties are imposed by the Information Commissioner on either DfE the Buyer or the Contractor Supplier for a Personal Data Breach ("Financial Penalties") then the following shall occur: If if in the view of the Information Commissioner, DfE the Buyer is responsible for the Personal Data Breach, in that it is caused as a result of the actions or inaction of DfEthe Buyer, its employees, agents, contractors (other than the ContractorSupplier) or systems and procedures controlled by DfEthe Buyer, then DfE the Buyer shall be responsible for the payment of such Financial Penalties. In this case, DfE the Buyer will conduct an internal audit and engage at its reasonable cost when necessary, an independent third party to conduct an audit of any such data incidentPersonal Data Breach. The Contractor Supplier shall provide to DfE the Buyer and its third party investigators and auditors, on request and at the ContractorSupplier's reasonable cost, full cooperation and access to conduct a thorough audit of such data incidentPersonal Data Breach; If if in the view of the Information Commissioner, the Contractor Supplier is responsible for the Personal Data Breach, in that it is not a breach Personal Data Breach that DfE the Buyer is responsible for, then the Contractor Supplier shall be responsible for the payment of these Financial Penalties. The Contractor Supplier will provide to DfE the Buyer and its auditors, on request and at the ContractorSupplier’s sole cost, full cooperation and access to conduct a thorough audit of such data incident. If Personal Data Breach; or if no view as to responsibility is expressed by the Information Commissioner, then the Contractor Buyer and DfE the Supplier shall work together to investigate the relevant data incident Personal Data Breach and allocate responsibility for any Financial Penalties as outlined above, or by agreement to split any financial penalties equally if no responsibility for the Personal Data Breach can be apportioned. In the event that the Parties do not agree such apportionment then such Dispute shall be referred to the dispute resolution procedure set out with in clause 42 32 of the Framework Agreement (Dispute ResolutionManaging disputes). If either DfE the Buyer or the Contractor Supplier is the defendant in a legal claim brought before a court of competent jurisdiction (“Court”) by a third party in respect of a Personal Data Breach, then unless the Parties otherwise agree, the Party that is determined by the final decision of the court to be responsible for the Personal Data Breach shall be liable for the losses arising from such breachPersonal Data Breach. Where both Parties are liable, the liability will be apportioned between the Parties in accordance with the decision of the Court. In respect of any losses, cost claims or expenses incurred by either Party as a result of a Personal Data Breach (the “Claim Losses”): if DfE the Buyer is responsible for the relevant breachPersonal Data Breach, then DfE the Buyer shall be responsible for the Claim Losses; if the Contractor Supplier is responsible for the relevant breachPersonal Data Breach, then the Contractor Supplier shall be responsible for the Claim Losses: and if responsibility for the relevant Personal Data Breach is unclear, then DfE the Buyer and the Contractor Supplier shall be responsible for the Claim Losses equally. Nothing in paragraphs either clause 7.2 and 7.2 or clause 7.3 shall preclude DfE the Buyer and the Contractor Supplier reaching any other agreement, including by way of compromise with a third party complainant or claimant, as to the apportionment of financial responsibility for any Claim Losses as a result of a Personal Data Breach, having regard to all the circumstances of the breach Personal Data Breach and the legal and financial obligations of DfE.the Buyer.

ICO Guidance. The Parties agree to take account of any guidance issued by the Information Commissioner and/or any relevant Central Government Body. DfE The Buyer may on not less than thirty (30) Working Days’ notice to the Contractor Supplier amend this Framework Agreement the Contract to ensure that it complies with any guidance issued by the Information Commissioner and/or any relevant Central Government Body. Liabilities for Data Protection Breach [Guidance: This clause represents a risk share, you may wish to reconsider the apportionment of liability and whether recoverability of losses are likely to be hindered by the contractual limitation of liability provisions] If financial penalties are imposed by the Information Commissioner on either DfE the Buyer or the Contractor Supplier for a Personal Data Breach ("Financial Penalties") then the following shall occur: If if in the view of the Information Commissioner, DfE the Buyer is responsible for the Personal Data Breach, in that it is caused as a result of the actions or inaction of DfEthe Buyer, its employees, agents, contractors (other than the ContractorSupplier) or systems and procedures controlled by DfEthe Buyer, then DfE the Buyer shall be responsible for the payment of such Financial Penalties. In this case, DfE the Buyer will conduct an internal audit and engage at its reasonable cost when necessary, an independent third party to conduct an audit of any such data incidentPersonal Data Breach. The Contractor Supplier shall provide to DfE the Buyer and its third party investigators and auditors, on request and at the ContractorSupplier's reasonable cost, full cooperation and access to conduct a thorough audit of such data incidentPersonal Data Breach; If if in the view of the Information Commissioner, the Contractor Supplier is responsible for the Personal thePersonal Data Breach, in that it is not a breach Personal Data Breach that DfE the Buyer is responsible for, then the Contractor Supplier shall be responsible for the payment of these Financial Penalties. The Contractor Supplier will provide to DfE the Buyer and its auditors, on request and at the ContractorSupplier’s sole cost, full cooperation and access to conduct a thorough audit of such data incident. If Personal Data Breach; or if no view as to responsibility is expressed by the Information Commissioner, ,then the Contractor Buyer and DfE the Supplier shall work together to investigate the relevant data incident Personal Data Breach and allocate responsibility for any Financial Penalties as outlined above, or by agreement to split any financial penalties Financial Penalties equally if no responsibility for the Personal Data Breach can be apportioned. In the event that the Parties do not agree such apportionment then such Dispute shall be referred to the dispute resolution procedure set out with in clause 42 32 of the Framework Agreement (Dispute ResolutionManaging disputes). If either DfE the Buyer or the Contractor Supplier is the defendant in a legal claim brought before a court of competent jurisdiction (“Court”) by a third party in respect of a Personal Data Breach, then unless the Parties otherwise agree, the Party that is determined by the final decision of the court Court to be responsible for the Personal Data Breach shall be liable for the losses arising from such breachPersonal Data Breach. Where both Parties are liable, the liability will be apportioned between the Parties in accordance with the decision of the Court. In respect of any losses, cost claims or expenses incurred by either Party as a result of a Personal Data Breach (the “Claim Losses”): if DfE the Buyer is responsible for the relevant breachPersonal Data Breach, then DfE the Buyer shall be responsible for the Claim Losses; if the Contractor Supplier is responsible for the relevant breachPersonal Data Breach, then the Contractor Supplier shall be responsible for the Claim Losses: and if responsibility for the relevant Personal Data Breach is unclear, then DfE the Buyer and the Contractor Supplier shall be responsible for the Claim Losses equally. Nothing in paragraphs either clause 7.2 and 7.2 or clause 7.3 shall preclude DfE the Buyer and the Contractor Supplier reaching any other agreement, including by way of compromise with a third party complainant or claimant, as to the apportionment of financial responsibility for any Claim Losses as a result of a Personal Data Breach, having regard to all the circumstances of the breach Personal Data Breach and the legal and financial obligations of DfE.the Buyer.

ICO Guidance. The Parties agree to take account of any non-mandatory guidance issued by the Information Commissioner and/or Commissioner, any relevant Central Government BodyBody and/or any relevant central government body. DfE CCSother regulatory authority. The Buyer may on not less than thirty (30) Working Days’ notice to the Contractor Supplier amend this the Framework Agreement to ensure that it complies with any guidance issued by the Information Commissioner and/or Commissioner, any relevant Central Government BodyBody and/or any relevant central government body other regulatory authority. Liabilities for Data Protection Breach If financial penalties are imposed by the Information Commissioner on either DfE the Buyer or the Contractor Supplier for a Personal Data Breach ("Financial Penalties") then the following shall occur: If if in the view of the Information Commissioner, DfE the Buyer is responsible for the Personal Data Breach, in that it is caused as a result of the actions or inaction of DfEthe Buyer, its employees, agents, contractors (other than the ContractorSupplier) or systems and procedures controlled by DfEthe Buyer, then DfE the Buyer shall be responsible for the payment of such Financial Penalties. In this case, DfE the Buyer will conduct an internal audit and engage at its reasonable cost when necessary, an independent third party to conduct an audit of any such data incidentPersonal Data Breach. The Contractor Supplier shall provide to DfE the Buyer and its third party investigators and auditors, on request and at the ContractorSupplier's reasonable cost, full cooperation and access to conduct a thorough audit of such data incidentPersonal Data Breach; If if in the view of the Information Commissioner, the Contractor Supplier is responsible for the Personal Data Breach, in that it is not a breach Personal Data Breach that DfE the Buyer is responsible for, then the Contractor Supplier shall be responsible for the payment of these Financial Penalties. The Contractor Supplier will provide to DfE the Buyer and its auditors, on request and at the ContractorSupplier’s sole cost, full cooperation and access to conduct a thorough audit of such data incident. If Personal Data Breach; or if no view as to responsibility is expressed by the Information Commissioner, then the Contractor Buyer and DfE the Supplier shall work together to investigate the relevant data incident Personal Data Breach and allocate responsibility for any Financial Penalties as outlined above, or by agreement to split any financial Financial Penalties Financial penalties equally if no responsibility for the Personal Data Breach can be apportioned. In the event that the Parties do not agree such apportionment then such Dispute shall be referred to the dispute resolution procedure set out with in clause 42 32 of the Framework Agreement (Dispute ResolutionManaging disputes). If either DfE the Buyer or the Contractor Supplier is the defendant in a legal claim brought before a court of competent jurisdiction (“Court”) by a third party in respect of a Personal Data Breach, then unless the Parties otherwise agree, the Party that is determined by the final decision of the court to be responsible for the Personal Data Breach shall be liable for the losses arising from such breachPersonal Data Breach. Where both Parties are liable, the liability will be apportioned between the Parties in accordance with the decision of the Court. In respect of any losses, cost claims or expenses incurred by either Party as a result of a Personal Data Breach (the “Claim Losses”): if DfE the Buyer is responsible for the relevant breachPersonal Data Breach, then DfE the Buyer shall be responsible for the Claim Losses; if the Contractor Supplier is responsible for the relevant breachPersonal Data Breach, then the Contractor Supplier shall be responsible for the Claim Losses: and if If responsibility for the relevant Personal Data Breach is unclear, then DfE the Buyer and the Contractor Supplier shall be responsible for the Claim Losses equally. Nothing in paragraphs either clause 7.2 and 7.2 or clause 7.3 shall preclude DfE the Buyer and the Contractor Supplier reaching any other agreement, including by way of compromise with a third party complainant or claimant, as to the apportionment of financial responsibility for any Claim Losses as a result of a Personal Data Breach, having regard to all the circumstances of the breach Personal Data Breach and the legal and financial obligations of DfE.the Buyer.

ICO Guidance. The Parties agree to take account of any guidance issued by the Information Commissioner and/or any relevant Central Government Body. DfE The Authority may on not less than thirty (30) Working Days’ notice to the Contractor Supplier amend this Framework Agreement to ensure that it complies with any guidance issued by the Information Commissioner and/or any relevant Central Government Body. Liabilities for Data Protection Breach [Guidance: This paragraph represents a risk share, you may wish to reconsider the apportionment of liability and whether recoverability of losses are likely to be hindered by the contractual limitation of liability provisions] If financial penalties are imposed by the Information Commissioner on either DfE the Authority or the Contractor Supplier for a Personal Data Breach ("Financial Penalties") then the following shall occur: If in the view of the Information Commissioner, DfE the Authority is responsible for the Personal Data Breach, in that it is caused as a result of the actions or inaction of DfEthe Authority, its employees, agents, contractors (other than the ContractorSupplier) or systems and procedures controlled by DfEthe Authority, then DfE the Authority shall be responsible for the payment of such Financial Penalties. In this case, DfE the Authority will conduct an internal audit and engage at its reasonable cost when necessary, an independent third party to conduct an audit of any such data incident. The Contractor Supplier shall provide to DfE the Authority and its third party investigators and auditors, on request and at the ContractorSupplier's reasonable cost, full cooperation and access to conduct a thorough audit of such data incident; If in the view of the Information Commissioner, the Contractor Supplier is responsible for the Personal Data Breach, in that it is not a breach that DfE the Authority is responsible for, then the Contractor Supplier shall be responsible for the payment of these Financial Penalties. The Contractor Supplier will provide to DfE the Authority and its auditors, on request and at the ContractorSupplier’s sole cost, full cooperation and access to conduct a thorough audit of such data incident. If no view as to responsibility is expressed by the Information Commissioner, then the Contractor Authority and DfE the Supplier shall work together to investigate the relevant data incident and allocate responsibility for any Financial Penalties as outlined above, or by agreement to split any financial penalties equally if no responsibility for the Personal Data Breach can be apportioned. In the event that the Parties do not agree such apportionment then such Dispute shall be referred to the dispute resolution procedure Dispute Resolution Procedure set out with clause 42 of the Framework Agreement in Schedule Schedule 8.3 (Dispute ResolutionResolution Procedure). If either DfE the Authority or the Contractor Supplier is the defendant in a legal claim brought before a court of competent jurisdiction (“Court”) by a third party in respect of a Personal Data Breach, then unless the Parties otherwise agree, the Party that is determined by the final decision of the court to be responsible for the Personal Data Breach shall be liable for the losses arising from such breach. Where both Parties are liable, the liability will be apportioned between the Parties in accordance with the decision of the Court. In respect of any losses, cost claims or expenses incurred by either Party as a result of a Personal Data Breach (the “Claim Losses”): if DfE the Authority is responsible for the relevant breach, then DfE the Authority shall be responsible for the Claim Losses; if the Contractor Supplier is responsible for the relevant breach, then the Contractor Supplier shall be responsible for the Claim Losses: and if responsibility is unclear, then DfE the Authority and the Contractor Supplier shall be responsible for the Claim Losses equally. Nothing in paragraphs 7.2 and 7.2 Paragraphs 7.2-7.3 shall preclude DfE the Authority and the Contractor Supplier reaching any other agreement, including by way of compromise with a third party complainant or claimant, as to the apportionment of financial responsibility for any Claim Losses as a result of a Personal Data Breach, having regard to all the circumstances of the breach and the legal and financial obligations of DfE.the Authority.

ICO Guidance. The Parties agree to take account of any non-mandatory guidance issued by the Information Commissioner and/or Commissioner, any relevant Central Government BodyBody and/or any other regulatory authority. DfE The Buyer may on not less than thirty (30) Working Days’ notice to the Contractor Supplier amend this the Framework Agreement to ensure that it complies with any guidance issued by the Information Commissioner and/or Commissioner, any relevant Central Government BodyBody and/or any other regulatory authority. 7. Liabilities for Data Protection Breach Breach 7.1 If financial penalties are imposed by the Information Commissioner on either DfE the Buyer or the Contractor Supplier for a Personal Data Breach ("Financial Penalties") then the following shall occur: If : (a) if in the view of the Information Commissioner, DfE the Buyer is responsible for the Personal Data Breach, in that it is caused as a result of the actions or inaction of DfEthe Buyer, its employees, agents, contractors (other than the ContractorSupplier) or systems and procedures controlled by DfEthe Buyer, then DfE the Buyer shall be responsible for the payment of such Financial Penalties. In this case, DfE the Buyer will conduct an internal audit and engage at its reasonable cost when necessary, an independent third party to conduct an audit of any such data incidentPersonal Data Breach. The Contractor Supplier shall provide to DfE the Buyer and its third party investigators and auditors, on request and at the ContractorSupplier's reasonable cost, full cooperation and access to conduct a thorough audit of such data incident; If Personal Data Breach; (b) if in the view of the Information Commissioner, the Contractor Supplier is responsible for the Personal Data Breach, in that it is not a breach Personal Data Breach that DfE the Buyer is responsible for, then the Contractor Supplier shall be responsible for the payment of these Financial Penalties. The Contractor Supplier will provide to DfE the Buyer and its auditors, on request and at the ContractorSupplier’s sole cost, full cooperation and access to conduct a thorough audit of such data incident. If Personal Data Breach; or (c) if no view as to responsibility is expressed by the Information Commissioner, then the Contractor Buyer and DfE the Supplier shall work together to investigate the relevant data incident Personal Data Breach and allocate responsibility for any Financial Penalties as outlined above, or by agreement to split any financial penalties equally if no responsibility for the Personal Data Breach can be apportioned. In the event that the Parties do not agree such apportionment then such Dispute shall be referred to the dispute resolution procedure set out with in clause 42 32 of the Framework Agreement (Dispute ResolutionManaging disputes). . 7.2 If either DfE the Buyer or the Contractor Supplier is the defendant in a legal claim brought before a court of competent jurisdiction (“Court”) by a third party in respect of a Personal Data Breach, then unless the Parties otherwise agree, the Party that is determined by the final decision of the court to be responsible for the Personal Data Breach shall be liable for the losses arising from such breachPersonal Data Breach. Where both Parties are liable, the liability will be apportioned between the Parties in accordance with the decision of the Court. . 7.3 In respect of any losses, cost claims or expenses incurred by either Party as a result of a Personal Data Breach (the “Claim Losses”): ): (a) if DfE the Buyer is responsible for the relevant breachPersonal Data Breach, then DfE the Buyer shall be responsible for the Claim Losses; ; (b) if the Contractor Supplier is responsible for the relevant breachPersonal Data Breach, then the Contractor Supplier shall be responsible for the Claim Losses: and and (c) if responsibility for the relevant Personal Data Breach is unclear, then DfE the Buyer and the Contractor Supplier shall be responsible for the Claim Losses equally. Nothing in paragraphs 7.2 and 7.2 shall preclude DfE and the Contractor reaching any other agreement, including by way of compromise with a third party complainant or claimant, as to the apportionment of financial responsibility for any Claim Losses as a result of a Personal Data Breach, having regard to all the circumstances of the breach and the legal and financial obligations of DfE..

ICO Guidance. The Parties agree to take account of any non-mandatory guidance issued by the Information Commissioner and/or Commissioner, any relevant Central Government BodyBody and/or any other regulatory authority. DfE The Buyer may on not less than thirty (30) Working Days’ notice to the Contractor Supplier amend this the Framework Agreement to ensure that it complies with any guidance issued by the Information Commissioner and/or Commissioner, any relevant Central Government BodyBody and/or any other regulatory authority. Liabilities for Data Protection Breach If financial penalties are imposed by the Information Commissioner on either DfE the Buyer or the Contractor Supplier for a Personal Data Breach ("Financial Penalties") then the following shall occur: If if in the view of the Information Commissioner, DfE the Buyer is responsible for the Personal Data Breach, in that it is caused as a result of the actions or inaction of DfEthe Buyer, its employees, agents, contractors (other than the ContractorSupplier) or systems and procedures controlled by DfEthe Buyer, then DfE the Buyer shall be responsible for the payment of such Financial Penalties. In this case, DfE the Buyer will conduct an internal audit and engage at its reasonable cost when necessary, an independent third party to conduct an audit of any such data incidentPersonal Data Breach. The Contractor Supplier shall provide to DfE the Buyer and its third party investigators and auditors, on request and at the ContractorSupplier's reasonable cost, full cooperation and access to conduct a thorough audit of such data incidentPersonal Data Breach; If if in the view of the Information Commissioner, the Contractor Supplier is responsible for the Personal Data Breach, in that it is not a breach Personal Data Breach that DfE the Buyer is responsible for, then the Contractor Supplier shall be responsible for the payment of these Financial Penalties. The Contractor Supplier will provide to DfE the Buyer and its auditors, on request and at the ContractorSupplier’s sole cost, full cooperation and access to conduct a thorough audit of such data incident. If Personal Data Breach; or if no view as to responsibility is expressed by the Information Commissioner, then the Contractor Buyer and DfE the Supplier shall work together to investigate the relevant data incident Personal Data Breach and allocate responsibility for any Financial Penalties as outlined above, or by agreement to split any financial penalties equally if no responsibility for the Personal Data Breach can be apportioned. In the event that the Parties do not agree such apportionment then such Dispute shall be referred to the dispute resolution procedure set out with in clause 42 32 of the Framework Agreement (Dispute ResolutionManaging disputes). If either DfE the Buyer or the Contractor Supplier is the defendant in a legal claim brought before a court of competent jurisdiction (“Court”) by a third party in respect of a Personal Data Breach, then unless the Parties otherwise agree, the Party that is determined by the final decision of the court to be responsible for the Personal Data Breach shall be liable for the losses arising from such breachPersonal Data Breach. Where both Parties are liable, the liability will be apportioned between the Parties in accordance with the decision of the Court. In respect of any losses, cost claims or expenses incurred by either Party as a result of a Personal Data Breach (the “Claim Losses”): if DfE the Buyer is responsible for the relevant breachPersonal Data Breach, then DfE the Buyer shall be responsible for the Claim Losses; if the Contractor Supplier is responsible for the relevant breachPersonal Data Breach, then the Contractor Supplier shall be responsible for the Claim Losses: and if responsibility for the relevant Personal Data Breach is unclear, then DfE the Buyer and the Contractor Supplier shall be responsible for the Claim Losses equally. Nothing in paragraphs either clause 7.2 and 7.2 or clause 7.3 shall preclude DfE the Buyer and the Contractor Supplier reaching any other agreement, including by way of compromise with a third party complainant or claimant, as to the apportionment of financial responsibility for any Claim Losses as a result of a Personal Data Breach, having regard to all the circumstances of the breach Personal Data Breach and the legal and financial obligations of DfE.the Buyer.

ICO Guidance. The Parties agree to take account of any guidance issued by the Information Commissioner and/or any relevant Central Government Bodycentral government body. DfE The Buyer may on not less than thirty (30) Working Days’ notice to the Contractor Supplier amend this Framework Agreement the contract to ensure that it complies with any guidance issued by the Information Commissioner and/or any relevant Central Government Bodycentral government body. Liabilities for Data Protection Breach [Guidance: This clause represents a risk share, you may wish to reconsider the apportionment of liability and whether recoverability of losses are likely to be hindered by the contractual limitation of liability provisions] If financial penalties are imposed by the Information Commissioner on either DfE the Buyer or the Contractor Supplier for a Personal Data Breach ("Financial Penalties") then the following shall occur: If if in the view of the Information Commissioner, DfE the Buyer is responsible for the Personal Data Breach, in that it is caused as a result of the actions or inaction of DfEthe Buyer, its employees, agents, contractors (other than the ContractorSupplier) or systems and procedures controlled by DfEthe Buyer, then DfE the Buyer shall be responsible for the payment of such Financial Penalties. In this case, DfE the Buyer will conduct an internal audit and engage at its reasonable cost when necessary, an independent third party to conduct an audit of any such data incidentPersonal Data Breach. The Contractor Supplier shall provide to DfE the Buyer and its third party investigators and auditors, on request and at the ContractorSupplier's reasonable cost, full cooperation and access to conduct a thorough audit of such data incidentPersonal Data Breach; If if in the view of the Information Commissioner, the Contractor Supplier is responsible for the Personal Data Breach, in that it is not a breach Personal Data Breach that DfE the Buyer is responsible for, then the Contractor Supplier shall be responsible for the payment of these Financial Penalties. The Contractor Supplier will provide to DfE the Buyer and its auditors, on request and at the ContractorSupplier’s sole cost, full cooperation and access to conduct a thorough audit of such data incident. If Personal Data Breach; or if no view as to responsibility is expressed by the Information Commissioner, then the Contractor Buyer and DfE the Supplier shall work together to investigate the relevant data incident Personal Data Breach and allocate responsibility for any Financial Penalties as outlined above, or by agreement to split any financial penalties Financial Penalties equally if no responsibility for the Personal Data Breach can be apportioned. In the event that the Parties do not agree such apportionment then such Dispute shall be referred to the dispute resolution procedure set out with clause 42 in clauses 8.66 to 8.79 of the Framework Agreement terms (Dispute ResolutionManaging disputes). If either DfE the Buyer or the Contractor Supplier is the defendant in a legal claim brought before a court of competent jurisdiction (“Court”) by a third party in respect of a Personal Data Breach, then unless the Parties otherwise agree, the Party that is determined by the final decision of the court Court to be responsible for the Personal Data Breach shall be liable for the losses arising from such breachPersonal Data Breach. Where both Parties are liable, the liability will be apportioned between the Parties in accordance with the decision of the Court. In respect of any losses, cost claims or expenses incurred by either Party as a result of a Personal Data Breach (the “Claim Losses”): if DfE the Buyer is responsible for the relevant breachPersonal Data Breach, then DfE the Buyer shall be responsible for the Claim Losses; if the Contractor Supplier is responsible for the relevant breachPersonal Data Breach, then the Contractor Supplier shall be responsible for the Claim Losses: and if responsibility for the relevant Personal Data Breach is unclear, then DfE the Buyer and the Contractor Supplier shall be responsible for the Claim Losses equally. Nothing in paragraphs 7.2 and 7.2 shall preclude DfE and the Contractor reaching any other agreement, including by way of compromise with a third party complainant or claimant, as to the apportionment of financial responsibility for any Claim Losses as a result of a Personal Data Breach, having regard to all the circumstances of the breach and the legal and financial obligations of DfE..