SaaS Agreements – FAQs – Data Processor

It is important for a SaaS supplier to understand the legal obligations imposed upon them as a data processor when negotiating a SaaS agreement and a data processing agreement (“DPA”), as the duties of a data processor are not the same as the duties of a data controller. In a SaaS relationship the supplier is always the data processor of the SaaS customer. The SaaS customer is always the data controller of the SaaS supplier. Who is a Data Processor? Article 4(8) of the GDPR defines a data processor as:


SaaS Agreements – FAQs – Personal Data

It is essential for SaaS providers and SaaS customers to understand what constitutes personal data to ensure that they comply with their respective legal obligations when acting as data controllers and/or data processors. What is Personal Data? Article 4(1) of the General Data Protection Regulation (“GDPR”) defines personal data as: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location


SaaS Agreements – GDPR – Personal Data Breaches and How to Avoid them

Recently there have been a number of high-profile cases involving the UK’s data protection authority (the “ICO”) imposing very large fines on Marriott and British Airways for serious data breaches. SaaS customers and SaaS suppliers should be reviewing the appropriateness of their technical and organisational measures to avoid the risk of being fined up to 4% of global turnover for serious personal data breaches. Complaints: According to the ICO’s annual general report 2018 – 2019 published in July 2019, complaints from members of the public to the ICO have
