Data Breach Notification

Data Breach Notification. In the event of a Personal Data Breach, the Data Processor shall notify the Data Controller without undue delay, and in any event within forty-eight (48) hours after becoming aware of the breach, providing the Controller with sufficient information to enable the Controller to meet its obligations under Article 33 of the GDPR. The notification shall include: (a) a description of the nature of the Personal Data Breach, including the categories and approximate number of data subjects concerned, and the categories and approximate number of Personal Data records concerned; (b) the name and contact details of the Data Protection Officer or other contact point where more information can be obtained; (c) a description of the likely consequences of the Personal Data Breach; and (d) a description of the measures taken or proposed to be taken to address the Personal Data Breach, including measures to mitigate its possible adverse effects. Where it is not possible to provide all information at the same time, the information may be provided in phases without undue further delay. The Processor shall cooperate with the Controller and take all commercially reasonable steps to assist in the investigation, mitigation, and remediation of any such breach.