Common use of Reporting Format Clause in Contracts

Reporting Format. The Recipient shall be required to submit their monthly and quarterly monitoring returns using the template provided, and in the format specified, by MOPAC. SCHEDULE 5 - CONTRACT COMPLIANCE AND QUALITY CONSIDERATIONS MOPAC shall, prior to the Service Commencement Date and from time to time throughout the life of the Contract, issue instructions and guidance as necessary to the Recipient on processes and recommended practices, including any instructions of an operational nature, and/or relating to compliance with policies and law, including but not limited to those referenced in Clause 15. Pursuant to Clause 25.1, the Recipient acknowledges that it: is the data controller for the Service and is required to complete a Data Protection Impact Assessment (DPIA) to identify, minimise and reduce risks to data subjects where the Service uses personally identifiable data for members of the public (a DPIA is not required where the data is from professionals); must only act on the written instructions of ▇▇▇▇▇ (unless required by law to act without); must ensure that people Processing the Personal Data are subject to a duty of confidence; must take appropriate measures to ensure the security of Processing; must only engage a processor or sub-processor with the prior consent of MOPAC and a written contract; must provide subject access and allow data subjects to exercise their rights under the GDPR; must meet its GDPR obligations in relation to the security of Processing the notification of Personal Data breaches and data protection impact assessments and notify any Personal Data breaches to MOPAC within 24 hours of becoming aware; must delete or return all Personal Data to the controller as requested at the end of the contract; must submit to audits and inspections, provide MOPAC with whatever information it needs to ensure that they are both meeting their Article 28 obligations and tell MOPAC immediately if it is asked to do something infringing the Data Protection Legislation or other data protections law of the EU or a member state; must keep records of its processing activities; employ a data protection officer if required; co-operate with supervisory authorities (such as the ICO); and appoint (in writing) a representative within the European Union if required. The Service Provider also acknowledges that: it may be subject to investigative and corrective powers of supervisory authorities (such as the ICO) under Article 58 of the GDPR; if it fails to meet its obligations, it may be subject to an administrative fine under Article 83 of the GDPR; if it fails to meet its GDPR obligations it may be subject to a penalty under Article 84 of the GDPR; and if it fails to meet its GDPR obligations it may have to pay compensation under Article 82 of the GDPR.