From the 25th of May 2018 the EU General Data Protection Regulation (GDPR) will come into force and change existing data protection laws in all 28 EU member states. The GDPR will place direct obligations on SaaS suppliers (data processors) in relation to data processing activities. In addition customers (data controllers), their clients (data subjects) and local data protection authorities will be able to enforce breaches of the new rules directly against SaaS suppliers.Continue reading
SaaS suppliers and SaaS customers are becoming increasingly concerned about the effect of “Brexit” upon the terms of their existing SaaS agreements, particularly where contracts are subject to English law or SaaS suppliers or customers are located within the UK. Below is a summary of the main issues that SaaS suppliers need to be aware of that may result in problems arising now or in the future with the terms of their existing SaaS agreements.Continue reading
Once the UK leaves the EU, the UK will no longer be a member of the EEA. UK SaaS suppliers will no longer be lawfully permitted to continue to transfer personal data of EU SaaS customers to the UK unless the UK government, or alternatively SaaS suppliers themselves, put in place measures to make the transfer legal under EU data protection laws.Continue reading
SaaS suppliers and SaaS resellers should be aware that price fixing is illegal under UK and EU competition law. Often SaaS resellers are not aware that the terms of their SaaS reseller agreement include price fixing clauses. For example: If the SaaS reseller agreement includes clause on resale price maintenance (RPM). This will usually be deemed to be price fixing by the Competition and Markets Authority (CMA) who investigates breaches of competition law in the UK.Continue reading
Under the Data Protection Act 1998 (DPA) UK SaaS suppliers currently have limited obligations to SaaS customers when processing personal data as part of their SaaS services. However, from the 25th of May 2018 the General Data Protection Regulation (GDPR) will impose numerous new data processing obligations on SaaS suppliers. In particular, the obligation for SaaS suppliers to enter into a written data processing agreement with SaaS customers and sub-contractors.Continue reading
SaaS customers and SaaS Suppliers should be aware that in October 2016 the Information Commissioner’s Office (ICO) issued a £400,000 fine against TalkTalk for serious breaches of the Data Protection Act 1998 (DPA). The fine was issued in relation to the hacking of personal data stored in a database that was accessible via the Internet.Continue reading
SaaS suppliers and SaaS customers are increasingly relying upon the use of EU model clauses to enable them to lawfully export personal data outside of the EEA following the invalidity of Safe Harbor in 2016 and the current implementation of the EU-US Privacy Shield (which replaces Safe Harbor). SaaS customers often try to amend the terms of the EU model clauses when negotiating the SaaS agreement with the SaaS supplier. This can result in the EU model clauses being invalid as they do not provide adequate protection for the data transfer.
SaaS suppliers should therefore be aware of the risks of agreeing to any changes to EU model clause and know which changes are, and are not, permitted to ensure that they are not in breach of data protection laws.Continue reading
UK SaaS suppliers must currently comply with the terms of the Data Protection Act 1998 (DPA), which governs data protection law in the UK. SaaS suppliers should be aware that from the 25th of May 2018, the General Data Protection Regulation (GDPR) will apply directly in all Member States of the European Union (EU).
Many SaaS suppliers are concerned about their data protection obligations following Brexit and are unaware that they will still have obligations (as data processors) to comply with the new rules imposed by the GDPR, even after a Brexit.Continue reading
From the 25th of May 2018 the EU General Data Protection Regulation (GDPR) will come into force and change existing UK data protection laws. The GDPR will place further more onerous obligations on SaaS customers (data controllers) in relation to all data processing. SaaS customers need to amend the terms of their existing SaaS agreements and privacy policies and implement the changes into internal policies and procedures in order to comply with the upcoming changes in UK data protection law.Continue reading
From the 25th of May 2018 the EU General Data Protection Regulation (GDPR) will come into force and change existing UK data protection laws. The GDPR will place direct obligations on SaaS suppliers (data processors) in relation to data processing activities. In addition SaaS customers (data controllers) and their clients (data subjects) will be able to enforce breaches of the new rules directly against SaaS suppliers. SaaS suppliers need to amend the terms of their existing SaaS agreements in order to comply with the upcoming changes in data protection law.Continue reading