If your website uses Google analytics and you provide SaaS services to customers based in Germany you are now required to provide specific information to users in order to comply with recent changes to German data protection law.

Google Analytics and German Data Protection

Google analytics collects statistics about website users by „tracking” an individual’s use of a website. This information is then made available to website operators free of charge. Following an agreement between Google and the German data protection authorities it is now the responsibility of the operators of websites to implement certain measures when using Google analytics.

Making your Website Compliant

Under German data protection law website users must be able to stop user profiles being created and prevent their complete IP address from being saved, unless they have specifically consented to this. If you are a SaaS website operator you now need to include the following in your privacy policy:

• inform users that you use Google analytics; and

• advise users that they can turn off Google analytics tracking in their browser settings

In addition you should use a Google software solution that masks the IP address of the user.

Application to UK Websites

Although this is a German data protection issue, if your website is directed at German customers, or the majority of your customers are located in Germany, it is advisable to make these changes in order to avoid any potential breach of German data protection law.

Help

Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues contact me:

irene.bodle@bodlelaw.com
www.bodlelaw.com

To register for my newsletter click here

______________________________________________________

Other related articles:

• SaaS Agreements – Essential Elements
• SaaS Agreements – Essential Elements – SLAs Explained
• SaaS Agreements – FAQs – Security
• SaaS Agreements – FAQs – Software Licence
• SaaS Agreements – FAQs – Source Code and Object Code
• SaaS Agreements – FAQs – Escrow
• SaaS Agreements – FAQs – Confidential Information
• SaaS Agreements – FAQs – Data Protection
• SaaS Agreements – Jurisdiction – Info made Available on Internet
• SaaS Agreements – Data Protection – The Patriot Act
• SaaS Agreements – Data Protection – Data Stored in the USA
• SaaS Agreements – Data Protection – Data Commissioner – UK Fines
• SaaS Agreements – Data Protection -  Sub-Contractors,  Model Clauses
• SaaS Agreements – Data Protection – Liability for Loss of Backup Tapes
• SaaS Agreements – Data Protection – Safe Harbor, German Customers
• SaaS Agreements – Data Protection – Transfer of Data Outside the EEA
• SaaS Agreements – Need for an NDA Prior to Signing a SaaS Agreement
• SaaS Agreements – Distributor or Agent – Is There a Difference?
• SaaS Agreements, Software on Demand – Confused?
• Cloud Computing and the Legal Cloud

When providing SaaS services you must specify in your SaaS agreement who is responsible for the backup/loss of customer data. The extent of your backup duties should be included in the service level agreement (SLA) and these will be dependent on a number of factors set out below.

Backup Process

You should set out details about the nature of the backups and the data media being used, for example:

• will the backup be made to tape or disk or using some other media
• how often will the backup media be changed/rotated/updated
• how often will backups be made i.e. hourly/daily/monthly
• will incremental backups be made

Security

In view of customer concerns over data security it is essential that you provide details of where and how the backup media will be stored, for example:

• will this be at a physically separate location
• will a provider other than the hosting centre be used
• what security is in place at the storage location
• who has access to the facility
• is emergency power available

Disaster Recovery

This should be considered as an add on extra, to cover the eventuality that the hosting centre (where the SaaS software and data backups are created)  becomes unusable.  The disaster recovery centre should be physically remote from your hosting centre to avoid a double hit! Other points to consider are:

• carefully define what a “disaster” is
• set out expected data recovery times
• test your disaster recovery procedure at least once a year

Commercial Considerations

The exact nature and extent of any data backup (and related disaster recovery) services that you offer to SaaS customers will depend on:

• how much has the customer pays for the SaaS solution, maintenance and support
• whether or not service credits are offered for breaches of error fix times
• whether the SaaS application is business critical i.e. online banking
• what is standard in that particular business area

Exclusions

Ensure that errors or problems caused by something beyond your control are excluded from your obligations i.e. loss of data caused by the customer’s failure to use the specified browser, hardware, virus checking programmes etc.

Help

Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues contact me:

irene.bodle@bodlelaw.com
www.bodlelaw.com

To register for my newsletter click here

______________________________________________________

Other related articles:

• SaaS, ASP Agreements – SLAs Explained – Essential Elements
• SaaS, ASP Agreements – SLA – Security Issues
• SaaS, ASP Agreements – SLA – Maintenance and Support Requirements
• SaaS, ASP Agreements – SLA – Service Credits
• SaaS, ASP Agreements – SLA – Maintenance
• SaaS, ASP Agreements – SLA – Error Fix Times
• SaaS, ASP Agreements – Essential Elements
• SaaS, ASP Agreements – FAQs – Security
• SaaS, ASP Agreements – FAQs – Confidential Information
• SaaS, ASP Agreements – FAQs – Software Licence
• SaaS, ASP Agreements – FAQs – Source Code and Object Code
• SaaS, ASP Agreements – FAQs – Escrow
• SaaS, ASP Agreements – FAQs – Data Protection
• SaaS, ASP Agreements – Data Protection and Safe Harbor, Issues with German Customers
• Legal Clauses to include in a SaaS Sales Proposal
• Cloud Computing and the Legal Cloud
• SaaS, ASP, Software on Demand – Confused?