SaaS suppliers and customers must currently comply with the terms of the Data Protection Act 2018 (DPA) which governs data protection law in the UK. SaaS suppliers and SaaS customers must also comply with the General Data Protection Regulation (GDPR) will applies directly in all Member States of the European Union (EU). Currently the UK is a Member State of the EU and even if a “Brexit” takes place and the UK leaves the EU, the GDPR will still apply in the UK.
Will the GDPR apply to the UK
Whether or not the GDPR will apply to the UK following a Brexit, will depend upon the agreement reached between the UK and the EU on the terms under which the UK will leave the EU and the timing of the Brexit. Namely:
- the GDPR will continue to have direct effect in the UK;
- the applicable data protection regime will depend upon the final terms of the Brexit deal agreed with the EU.
The Brexit deal could require the UK to adopt EU laws in order to be part of the single market, similar to the rules applicable to members of the EEA who are not EU Member States, or the Brexit deal may not require the adoption of EU laws in the UK, but the UK may be required to amend UK laws to comply with EU legislation, similar to the rules.
GDPR will apply even if the UK leaves the EU
Regardless of when the UK leaves the EU, the GDPR rules will still apply to all UK SaaS suppliers and customers after a Brexit, as the GDPR applies to non-EU SaaS suppliers and customers who offer goods or services in the EU, or who monitor the behaviour of EU data subjects.
The current position with regard to a Brexit is unclear and subject to change, however SaaS suppliers and customers need to be aware that current UK data protection rules will change following a Brexit, whenever this occurs. SaaS suppliers and customers, particularly those doing business in the EU, should review their current data protection policies, data aprocessing agreements, privacy policies and procedures to check that they will still comply with the the GDPR following a Brexit.
Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues contact me:
To register for my newsletter click here
Other related articles:
- SaaS Agreements – Brexit – Preparing for a No Deal Brexit
- SaaS Agreements – Brexit – Need for an EU Representative
- SaaS Agreements – Brexit – Legal Implications
- SaaS Agreements – Brexit – EU Data Transfers
- SaaS Agreements – Data Protection – Amending EU Model Clauses
- SaaS Agreements – FAQs – What is SaaS and Essential Terms to include in a SaaS Agreement
- SaaS Agreements – Essential Elements
- SaaS Agreements – Essential Elements – SLAs Explained
- SaaS Agreements – Data Protection – Privacy Shield Update
- SaaS Agreements – Data Protection – Data Processing Agreement
- SaaS Agreements – Data Protection – New Obligations for SaaS Suppliers
- SaaS Agreements – Data Protection – New Obligations for SaaS Customers
- SaaS Agreements – Data Protection – Microsoft Irish Data Centre Decision
- SaaS Agreements – Data Protection – New General Data Protection Regulation (GDPR)
- SaaS Agreements – Data Protection – Transfer of Data Outside the EEA
- SaaS Agreements – Data Protection – Which Law Applies
- SaaS Agreements – Data Protection – The Patriot Act
- SaaS Agreements – Data Protection – Russian Data Centres