Assistance to the Data Controller. 1. Taking into account the nature of the processing, the Data Processor shall assist the Data Controller by appropriate technical and organisational measures, insofar as this is possible, in the fulfilment of the Data Controller’s obligations to respond to requests for exercising the data subject’s rights laid down in Chapter III GDPR. This entails that the Data Processor shall, insofar as this is possible, assist the Data Controller in the Data Controller’s compliance with:
Assistance to the Data Controller. 3.1 The Data Processor shall insofar as this is possible – within the scope and the extent of the assistance specified below – assist the Data Controller in accordance with Clause 9.1 and 9.2 by implementing the following technical and organisational measures:
Assistance to the Data Controller. The Data Processor shall provide assistance so that the Data Controller can safeguard its own responsibility according to applicable laws and regulations, including assisting the Data Controller by: • Implementing technical and organizational measures as mentioned previously • Complying with reporting obligations to supervisory authorities and registered persons in the case of any deviations • Performing privacy impact assessments • Engaging in early discussions with supervisory authorities when an assessment of privacy implications makes it necessary • Informing the Data Controller if the Data Processor considers that an instruction from Data Controller is in violation of relevant privacy policies. Assistance as mentioned above shall be performed to the extent required by the Data Controller's need, the nature of the processing and the information available to Data Processor, cf. Regulation Article 28 (3) (f).
Assistance to the Data Controller. 6.1 When requested, the Data Processor shall as reasonably requested assist the Data Controller with the fulfilment of the rights of the data subjects under Chapter III of the GDPR through appropriate technical or organisational measures. The obligation to assist the Data Controller solely applies insofar as this is possible and appropriate, taking into consideration the nature and extent of the processing of personal data under the Main Agreement.
Assistance to the Data Controller. 7.1 The Data Processor agrees to provide reasonable and timely assistance to Data Controller to enable Data Controller to respond to: (a) any request from a Data Subject to exercise any of its rights under the applicable Data Protection Laws (including its rights of access, correction, objection, and erasure, as applicable); and (b) any other correspondence, inquiry or complaint received from a Data Subject, regulator, or authorized third party in connection with the processing of the Personal Data. If any such request, correspondence, inquiry, or complaint is made directly to Data Processor, Data Processor shall promptly inform Data Controller and provide full details of the same.
Assistance to the Data Controller. 9.1 Taking into account the nature of processing and the information available to the Data Processor, the Data Processor must assist the Data Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, i.e. with regard to security measures, notification of supervisory authorities, notification of individuals, preparation of data protection impact assessments and prior consultation with supervisory authorities.
Assistance to the Data Controller. The Data Processor shall insofar as this is possible – within the scope and the extent of the assistance specified below – assist the Data Controller in accordance with Clause 8 of this Data Processing Agreement. Instruction on the transfer of personal data to third countries The Data Processor may transfer Personal Data to the countries stated in Appendix 2. If the Data Controller does not subsequently provide documented instructions pertain- ing to the transfer of personal data to a third country, the Data Processor shall not be entitled within the framework of this Data Processing Agreement to perform such trans- fer. Procedures for the Data Controller’s audits, including inspections, of the processing of personal data being performed by the Data Processor The Data Processor shall at the Data Controllers prior written request, and then only once a year, at the Data Controllers expense obtain an inspection report from an in- dependent third party concerning the Data Processor's compliance with the GDPR, the applicable EU or Member State data protection provisions and the Clauses. The parties have agreed that the following types of inspection report may be used in compliance with this Data Processing Agreement: ISAE 3000, type I. The inspection report shall without undue delay be submitted to the Data Controller for information. The Data Controller may contest the scope and/or methodology of the report and may in such cases request a new audit/inspection under a revised scope and/or different methodology. Based on the results of such an audit/inspection, the Data Controller may request further measures to be taken to ensure compliance with the GDPR, the applicable EU or Member State data protection provisions and this Data processing Agreement. The Data Controller or the Data Controller’s representative shall in addition have ac- cess to inspect, including physically inspect, the places, where the processing of per- xxxxx data is carried out by the Data Processor, including physical facilities as well as systems used for and related to the processing. Such an inspection shall be performed, when the Data Controller deems it required. Appendix 2 - Pre-approved Sub-processors: N/A Data Processor has not been instructed to transfer data outside of the EU.
Assistance to the Data Controller. The Data Processor, taking into account the nature of the processing, shall, as far as possible, assist the Data Controller by appropriate technical and organizational measures, with the obligation of Data Controller to respond to requests for the exercise of the data subjects´ rights as laid down in Chapter 3 of the Data Protection Regulation. This implies that, as far as possible, the Data Processor shall assist the Data Controller in connection with the Data Controller being responsible for ensuring compliance with:
Assistance to the Data Controller. 5.1 The Data Processor must assist the Data Controller in ensuring compliance with the obligations pursuant to Articles 32-36 of the General Data Protection Regulation and any other applicable data protection and information security legislation, i.e. security measures, notification of supervisory authorities, noti- fication of Individuals, preparation of data protection impact assessments and prior consultation of the supervisory authorities.
Assistance to the Data Controller. The data processor shall, to the extent possible – within the scope and extent below – assist the data controller in accordance with Provisions 8.1 and 8.2 by implementing the following technical and organisational measures: The data processor shall develop necessary technical information which can be disclosed for use in the data controller's risk analysis. The data processor's other obligations are determined in the cooperation agreement between the data processor and the data controller under the following delivery parameters: • The data processor must initiate assistance no later than 3 working days after the data controller's request. • If the request is made on the basis of an urgent situation, the data controller can ask the data processor to start the assistance no later than on the same working day as the request is submitted. • If emergency assistance entails a cost for the data processor, and the emergency assistance is not the result of errors or defects or inappropriate or opaque workflows or processes in the product which mean that the data processor is unable to live up to their responsibility towards the data controller, the data controller must reimburse documentable costs and losses. If the data processor wishes to enforce this clause, the data processor must assert this to the data controller before the assistance begins.
