SaaS Agreement – Brexit – Need for an EU Representative

A “no deal Brexit” is looking likely for the 31st of October 2019. SaaS suppliers and SaaS customers need to take steps now to ensure that they comply with the requirement to appoint an EU Representative under the GDPR, where they will no longer have any establishment in the EU after Brexit.

Continue reading

SaaS Agreements – FAQs – Data Processor

It is important for a SaaS supplier to understand the legal obligations imposed upon them as a data processor when negotiating a SaaS agreement and a data processing agreement (“DPA“) as the duties of a data processor are not the same as the duties of a data controller. In a

Continue reading

SaaS Agreements – FAQs – Personal Data

It is essential for SaaS providers and SaaS customers to understand what consitutes personal data to ensure that they comply with their respective legal obligations when acting as data controllers and/or data processors. What is Personal Data? Articles 4(1) of the General Data Protection Regulation (“GDPR“) defines personal data as:

Continue reading

SaaS Agreements – GDPR – Personal Data Breaches and How to Avoid them

Recently there have been a number of high profile cases involving the UK’s data protection authority (the “ICO”), imposing very large fines on Marriott and British Airways for serious data breaches. SaaS customers and SaaS suppliers should be reviewing the appropriateness of their technical and organisational measures to avoid the

Continue reading

SaaS Agreements – Preparing for a No Deal Brexit

Currently a “no deal Brexit” is looking likely for the 31st of October 2019. It is therefore essential that SaaS suppliers and SaaS customers take steps now to ensure that they can continue to lawfully process and transfer personal data between the EU and the UK following a no deal Brexit.

Continue reading

SaaS Agreements – Data Protection – Brexit Update

UK SaaS Agreements: In light of the various leaving scenarios of which a “no deal Brexit” is looking likely, it is highly advisable that SaaS suppliers and SaaS customers now take steps to ensure that they can continue to lawfully process and transfer personal data between the EU and the UK following Brexit.

Continue reading

SaaS Agreements – GDPR – Local Derogations

The General Data Protection Regulation (“GDPR”) now applies to all SaaS customers and SaaS companies collecting or processing the personal data of individuals located within the EU. SaaS suppliers and SaaS customers must comply with the terms the GDPR. SaaS suppliers and SaaS customers should be aware that the GDPR does not however fully harmonise data protection law throughout the EU, as each EU country may introduce their own requirements in certain instances (“derogations”) under their own local data protection laws.

Continue reading

SaaS Agreements – GDPR – Data Processing Agreement

Since the General Data Protection Regulation (GDPR) came into force on the 25th of May 2018, SaaS suppliers and SaaS customers are legally obliged to include a written data processing agreement (DPA) in the terms of their SaaS agreements. The DPA usually forms a schedule to the SaaS agreement and must include the specific and detailed mandatory obligations set out in the GDPR. SaaS suppliers should use their own DPA and resist any attempt by a SaaS customer to have them sign up to the SaaS customer’s DPA for the following reasons.

Continue reading

SaaS Agreements – GDPR – Data Protection Act 2018

The UK Data Protection Act 2018 Act came into force on the 25th of May 2018 (“DPA”).

The DPA replaces the Data Protection Act 1998 in its entirety and applies the standards of the General Data Protection Regulation (“GDPR), whilst also attempting to prepare the UK data protection law for Brexit. SaaS customers and SaaS suppliers should familiarise themselves with the terms of the DPA in addition to the provisions of the GDPR – as both apply. The DPA also includes a number of derogations from the GDPR.

Continue reading
Bodle Law