SaaS Agreements – GDPR – The General Data Protection Regulation

The General Data Protection Regulation (“GDPR”) will replace the existing EU Data Protection Directive and harmonise European data protection law from the 25th of May 2018. In the UK the GDPR will replace the Data Protection Act 1998 from the 25th of May 2018, regardless of “Brexit”. This will have a significant effect on both SaaS suppliers and SaaS customers who will need to comply with the terms of the GDPR. SaaS suppliers and SaaS customers must update all contractual documents that involve data processing, such as SaaS agreements, privacy policies and hosting and support agreements to comply with the new rules under the GDPR before the 25th of May deadline.

Continue reading

SaaS Agreements – GDPR – New German Data Protection Law (BDSG)

The General Data Protection Regulation (GDPR) will replace the existing EU Data Protection Directive and aims to harmonise European data protection law from the 25th of May 2018. In Germany, the Government has already amended the existing German Data Protection Act (BDSG) and from the 25th of May 2018 the New German Data Protection Act (New BDSG) and the GDPR will apply together.

Compliance with the New BDSG

Both SaaS suppliers and SaaS customers who provide services to German clients or who collect or process personal data of German data subjects on behalf of international SaaS clients, will need to comply with the terms of the New BDSG in addition to the terms of the GDPR. The New BDSG sets out derogations from certain parts of the GDPR and additional obligations.

Continue reading

SaaS Agreements – Data Protection – What SaaS Suppliers need to know about the GDPR

From the 25th of May 2018 the EU General Data Protection Regulation (GDPR) will come into force and change existing data protection laws in all 28 EU member states. The GDPR will place direct obligations on SaaS suppliers (data processors) in relation to data processing activities. In addition customers (data controllers), their clients (data subjects) and local data protection authorities will be able to enforce breaches of the new rules directly against SaaS suppliers.

Continue reading

SaaS Agreements – Reseller Agreements – Price Fixing

SaaS suppliers and SaaS resellers should be aware that price fixing is illegal under UK and EU competition law. Often SaaS resellers are not aware that the terms of their SaaS reseller agreement include price fixing clauses. For example: If the SaaS reseller agreement includes clause on resale price maintenance (RPM). This will usually be deemed to be price fixing by the Competition and Markets Authority (CMA) who investigates breaches of competition law in the UK.

Continue reading

SaaS Agreements – Terms and Conditions – Data Processing Agreement

Under the Data Protection Act 1998 (DPA) UK SaaS suppliers currently have limited obligations to SaaS customers when processing personal data as part of their SaaS services. However, from the 25th of May 2018 the General Data Protection Regulation (GDPR) will impose numerous new data processing obligations on SaaS suppliers. In particular, the obligation for SaaS suppliers to enter into a written data processing agreement with SaaS customers and sub-contractors.

Continue reading

SaaS Agreements – Data Protection – New obligations for SaaS Customers

From the 25th of May 2018 the EU General Data Protection Regulation (GDPR) will come into force and change existing UK data protection laws. The GDPR will place further more onerous obligations on SaaS customers (data controllers) in relation to all data processing. SaaS customers need to amend the terms of their existing SaaS agreements and privacy policies and implement the changes into internal policies and procedures in order to comply with the upcoming changes in UK data protection law.

Continue reading

SaaS Agreements – Data Protection – New Obligations for SaaS Suppliers

From the 25th of May 2018 the EU General Data Protection Regulation (GDPR) will come into force and change existing UK data protection laws. The GDPR will place direct obligations on SaaS suppliers (data processors) in relation to data processing activities. In addition SaaS customers (data controllers) and their clients (data subjects) will be able to enforce breaches of the new rules directly against SaaS suppliers. SaaS suppliers need to amend the terms of their existing SaaS agreements in order to comply with the upcoming changes in data protection law.

Continue reading