The terms of transmission and, if applicable, the specific categories of personal data are defined in Schedule 1, which is an integral part of the clauses. 8.1) The supplier must: (a) assist the processing manager in implementing appropriate technical and organisational measures against data protection incidents, conducting data protection impact analyses and reporting data protection incidents to the appropriate supervisory authority or relevant parties, in accordance with the Data Protection Act, and taking into account the nature of the data protection and information available to the provider; and (b) provide GCI with the other cooperation, assistance and information that GCI can reasonably require to enable it to meet its obligations and/or the obligation of GCI`s customers under data protection legislation and to cooperate and comply with the instructions or decisions of a competent data protection authority and, in any event, within such a time frame that would allow it to meet any deadline imposed by the data protection authority. GCI must inform the supplier appropriately in order to meet these requirements. 8.2) The supplier is not entitled to reimbursement of any costs that may be incurred by the Supplier due to or in connection with the compliance with GCI`s instructions for the provision of services in accordance with the Data Protection Act and/or any of its obligations under that agreement or data protection law. The personal data transmitted is subject to the following basic processing activities: Affected persons whose personal data is made available to the provider through the Services, by the customer(or on instruction) or by the end user, including (a) end-users (including the customer`s staff and contractors) are subject to the following basic processing activities. (b) customers, suppliers and subcontractors of the customer (and each of their employees); and (c) any other person whose personal data is transmitted through the services, including those who cooperate and communicate with end-users. 1.1) In this agreement: ”appropriate zone”: an area outside the European Economic Area, which has not been designated by the European Commission as a guarantor of an adequate level of protection under EU data protection legislation.