Common use of Personal Data Breach Notification Clause in Contracts

Personal Data Breach Notification. 7.1. Processor will notify Client without undue delay after becoming aware of Personal Data Breach involving Client’s Personal Data. The notification shall provide reasonable detail with respect to the Personal Data Breach including: 7.1.1. A description of the nature of the Personal Data Breach, including where possible, the categories and the approximate number of Data Subjects concerned and the categories and approximate number of Personal Data records concerned; 7.1.2. Communicate the name and contact details of the Data Protection Officer (DPO) or other contact point where more information can be obtained; 7.1.3. Describe the likely consequences of the Personal Data Breach; 7.1.4. Describe the measures taken or proposed to be taken by the Controller to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects. 7.2. Unless required by law, Processor will not notify any third party other than law enforcement of any potential or actual Personal Data Breach involving Client’s Personal Data in any manner that would identify the identify of Client without first obtaining written permission of Client. 7.3. If Client determines that a Personal Data Breach must be notified to any Supervisory Authority and/or Data Subject and/or public or portions of the public, Client will notify Shiji before the communication is made and supply Shiji with copies of any written documentation to be filed with the Supervisory Authority and of any notification that Client proposes to make which directly or indirectly references Shiji, its security measures and/or role in the Personal Data Breach, whether or not by name. 7.4. Nothing in this clause shall be construed in such a way as to in any way limit Processor’s ability to engage qualified third parties in the effort to respond to an active Security Incident, to remediate the effects of an incident, to conduct investigations subsequent to an incident or to otherwise comply with its obligations under Data Protection Laws.

Appears in 4 contracts

Sources: Shiji It Agreement, Services Agreements, Services Agreements