Common use of Data Security Breach Clause in Contracts

Data Security Breach. 11.1 In case of a Data Security Breach for which the Data Processor (or any Pre-Approved Subcontractor) is responsible, the Data Processor shall as soon as practical possible, inform Data Controller hereof. 11.2 This notification must at least: a) include a description of the nature of the Data Security Breach including, if possible, the categories and the estimated number of affected Data Subjects as well as the categories and estimated number of affected registrations of Personal Data, b) include the name of and contact information for the data protection officer (DPO) or another point of contact where further information may be obtained, c) describe the probable consequences of the Data Security Breach, d) describe the measures taken by the Data Processor or which the Data Processor proposes are taken to handle the Data Security Breach including, if relevant, measures to limit the possible consequential damages. 11.3 The Data Processor must document all Data Security Breaches, including the actual circumstances surrounding the Data Security Breach, its consequences and the remedial measures that have been taken. 11.4 This documentation must enable the regulatory authority to check that Data Processor complies with its duty to inform of any Data Security Breach.