SaaS Agreements – Brexit – Prepare Now

Brexit will take place on the 31st of January 2020 following the House of Commons approval of the Brexit withdrawl agreement. It is now essential that SaaS suppliers and SaaS customers take steps before the 31st of January 2020 to ensure that they can continue to lawfully process and transfer personal data between the EU and the UK after Brexit.

Data Flows

The exact measures SaaS suppliers and SaaS customers need to take will depend upon the structure of their businesses and their personal data flows:

  • The locations of offices and employees
  • Where SaaS customers are located
  • From which countries SaaS customers collect personal data that is to be processed
  • Where data centres are located
  • Where any sub-processors are located
  • Where any suppliers and sub-contractors are located
  • Where subsidiaries are located
  • Where the Data Protection Officer is located

Actions to be taken

Depending upon the company’s structure and it’s data flows, SaaS suppliers and SaaS customers need to take the following actions:

Further Information Sources

The UK’s data protection authority (the “ICO”) has published updated guides for businesses and SMEs on preparing for Brexit and these provide useful information for SaaS customers and SaaS suppliers.


Whether you are a SaaS supplier or SaaS customer you must take action before the 31st of January to ensure that you will be able to continue to lawfully transfer personal data from persons located in the EU to and from the UK after Brexit.


Irene Bodle is an IT lawyer specialising in SaaS, with over 14 years experience dealing with SaaS, cloud computing matters and IT law issues. If you require assistance with any SaaS agreements, cloud computing matters or any other IT legal issues, in particular “Brexit”, please contact me at:

To register for my newsletter click here


Other related articles:

Bodle Law