SaaS Agreement – Brexit – Need for an EU Representative

A “no deal Brexit” is looking likely for the 31st of October 2019. SaaS suppliers and SaaS customers need to take steps now to ensure that they comply with the requirement to appoint an EU Representative under the GDPR, where they will no longer have any establishment in the EU after Brexit.

Continue reading

SaaS Agreements – FAQs – Personal Data

It is essential for SaaS providers and SaaS customers to understand what consitutes personal data to ensure that they comply with their respective legal obligations when acting as data controllers and/or data processors. What is Personal Data? Articles 4(1) of the General Data Protection Regulation (“GDPR“) defines personal data as:

Continue reading

SaaS Agreements – Preparing for a No Deal Brexit

Currently a “no deal Brexit” is looking likely for the 31st of October 2019. It is therefore essential that SaaS suppliers and SaaS customers take steps now to ensure that they can continue to lawfully process and transfer personal data between the EU and the UK following a no deal Brexit.

Continue reading

SaaS Agreements – Data Protection – Brexit Update

UK SaaS Agreements: In light of the various leaving scenarios of which a “no deal Brexit” is looking likely, it is highly advisable that SaaS suppliers and SaaS customers now take steps to ensure that they can continue to lawfully process and transfer personal data between the EU and the UK following Brexit.

Continue reading

SaaS Agreements – Brexit – Prepare Now

As a SaaS Supplier or SaaS customer you will be aware that the UK plans to leave the EU on the 29th of March 2019 – Brexit. In light of the various leaving scenarios currently being discussed of which a “no deal Brexit” is looking likely, it is essentail that SaaS suppliers and SaaS customers take steps now to ensure that they can continue to lawfully process and transfer personal data between the EU and the UK following Brexit.

Continue reading

SaaS Agreements – GDPR – Data Processing Agreement

Since the General Data Protection Regulation (GDPR) came into force on the 25th of May 2018, SaaS suppliers and SaaS customers are legally obliged to include a written data processing agreement (DPA) in the terms of their SaaS agreements. The DPA usually forms a schedule to the SaaS agreement and must include the specific and detailed mandatory obligations set out in the GDPR. SaaS suppliers should use their own DPA and resist any attempt by a SaaS customer to have them sign up to the SaaS customer’s DPA for the following reasons.

Continue reading

SaaS Agreements – GDPR – Data Protection Act 2018

The UK Data Protection Act 2018 Act came into force on the 25th of May 2018 (“DPA”).

The DPA replaces the Data Protection Act 1998 in its entirety and applies the standards of the General Data Protection Regulation (“GDPR), whilst also attempting to prepare the UK data protection law for Brexit. SaaS customers and SaaS suppliers should familiarise themselves with the terms of the DPA in addition to the provisions of the GDPR – as both apply. The DPA also includes a number of derogations from the GDPR.

Continue reading

SaaS Agreements – Brexit – EU Data Transfers to the UK after Brexit

Under EU and UK data protection laws, UK SaaS suppliers are lawfully permitted to transfer personal data of SaaS customers located in the EU to any country within the EEA. From the 30th of March 2019, when the UK leaves the EU (“Brexit Date”), the UK will no longer be part of the EEA and will become a “third country” for data protection purposes, just like the USA.

The European Commission recently confirmed in a Notice that on the Brexit Date, UK based SaaS suppliers can no longer lawfully transfer personal data of SaaS customers located in the EU (i.e. in France, Germany, Spain etc.) to the UK,

Continue reading

SaaS Agreements – GDPR – New German Data Protection Law (BDSG)

The General Data Protection Regulation (GDPR) will replace the existing EU Data Protection Directive and aims to harmonise European data protection law from the 25th of May 2018. In Germany, the Government has already amended the existing German Data Protection Act (BDSG) and from the 25th of May 2018 the New German Data Protection Act (New BDSG) and the GDPR will apply together.

Compliance with the New BDSG

Both SaaS suppliers and SaaS customers who provide services to German clients or who collect or process personal data of German data subjects on behalf of international SaaS clients, will need to comply with the terms of the New BDSG in addition to the terms of the GDPR. The New BDSG sets out derogations from certain parts of the GDPR and additional obligations.

Continue reading

SaaS Agreements – FAQs – What is SaaS and Essential Terms to include in a SaaS Agreement

SaaS is the abbreviation for “software as a service”. You may know this under another name, for example subscription agreement, software on demand, software subscription agreement, cloud computing or ASP services (application service provider). These names all refer to the same thing – software being made available via the Internet to users.

Continue reading
Bodle Law