Protection of Personal Data and Security of Data. 13.1. The Supplier shall, and shall procure that all Staff shall, comply with any notification requirements under the UK GDPR and both Parties shall duly observe all their obligations under the UK GDPR which arise in connection with the Agreement. 13.2. Notwithstanding the general obligation in clause 13.1, where the Supplier is processing Personal Data for the Customer as a data processor (as defined by the UK GDPR) the Supplier shall: 13.2.1. ensure that it has in place appropriate technical and organisational measures to ensure the security of the Personal Data (and to guard against unauthorised or unlawful processing of the Personal Data and against accidental loss or destruction of, or damage to, the Personal Data), as required under the Seventh Data Protection Principle in Schedule 1 to the UK GDPR; 13.2.2. provide the Customer with such information as the Customer may reasonably request to satisfy itself that the Supplier is complying with its obligations under the UK GDPR; 13.2.3. promptly notify the Customer of: 13.2.3.1. any breach of the security requirements of the Customer as referred to in clause 13.3; and 13.2.3.2. any request for personal data; and
Appears in 3 contracts
Sources: Supply Agreement, Contract for Services, Contract for Services