SECURITY BREACH MANAGEMENT AND NOTIFICATION. 7.1 Service Provider shall, in accordance with the EU Rules, notify the Customer and/or the supervisory authority as soon as any Personal Data Breach with respect to the Personal Data occurs, but no later than 48 hours from the discovery of such a Personal Data Breach. Service Provider’s notification of or response to a Personal Data Breach under this Section 7.1 will not be construed as an acknowledgement by Service Provider of any fault or liability with respect to the Personal Data Breach. 7.2 Service Provider will use reasonable efforts to identity the cause of such Personal Data Breach and shall promptly and without undue delay: (a) investigate the Personal Data Breach and provide Customer with information about the Personal Data Breach, including if applicable, such information a Data Processor must provide to a Data Controller under Article 33(3) of the GDPR to the extent such information is reasonably available; and (b) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Personal Data Breach to the extent the remediation is within Service Provider’s reasonable control The obligations herein shall not apply to any breach that is caused by Customer or authorized users. Notification will be delivered to Customer in accordance with Section 7.3 below. 7.3 Notification(s) of Personal Data Breaches, if any, will be delivered to one or more of Customer’s business, technical or administrative contacts by any means Service Provider selects, including via email. It is Customer’s sole responsibility to ensure it maintains accurate contact information on Service Provider’s support systems at all times.
Appears in 3 contracts
Sources: Global Data Privacy Addendum, Global Data Privacy Addendum, Global Data Privacy Addendum