/Docs/G/Org-JLINC-SISA/Form/0.md
  Source views: Source JSON(ish) on GitHub (VSCode)   Doc views: Document (&k=7.r00t): Visual Print Technical: OpenParameters Xray

---

INCIDENT AND BREACH NOTIFICATION AND MANAGEMENT

1. When the Data Custodian becomes aware of an incident that impacts the Processing of the Personal Data that is the subject of the SISA, it shall promptly notify the Rights Holder about the incident, shall at all times cooperate with the Rights Holder, and shall follow industry best practices and regulatory guidelines with regard to such incidents, in order to enable the Data Custodian to perform a thorough investigation into the incident, to formulate a correct response, and to take suitable further steps in respect of the incident.
2. The Data Custodian shall at all times have in place written procedures which enable it to promptly respond to the Rights Holder about an incident. Where the incident is reasonably likely to require a data breach notification to or by the Rights Holder under applicable Data Protection Law, the Data Custodian shall implement its written procedures in such a way that it is in a position to notify the Rights Holder no later than 48 hours of having become aware of such an incident.