SaaS suppliers must have adequate data protection policies, procedures and checks in place when employees or third parties are handling SaaS customer data or face the risk of being heavily fined by the Information Commissioner’s Office (ICO) for breaches of the Data Protection Act 1998 (DPA).
Tag: consent
SaaS Agreements – Data Protection – Customer Privacy Policy
SaaS customers often ask or expect SaaS suppliers to provide them with a privacy policy for use in conjunction with their SaaS products. SaaS suppliers should firmly refuse such requests: firstly, because they could face liability claims from the customer if the privacy policy is inappropriate, and secondly, because they will have no adequate knowledge of the issues set out below, which will need to be covered in the privacy policy.
SaaS Agreements – Terms and Conditions – Email Marketing Rules
There are a number of guidelines and laws that have to be complied with when sending marketing emails and text messages in the UK. If you are a SaaS supplier who provides email marketing services as part of your SaaS services to customers, you should ensure that your SaaS customers comply with the following rules and regulations. Also, do not forget that you may need to comply with the rules yourself when carrying out your own email marketing campaigns.
SaaS Agreements – Data Protection – Anonymising Data
SaaS suppliers or SaaS customers often anonymise personal data for use in statistical or marketing information, but are unaware that by using such anonymised data they could be breaching the Data Protection Act 1998 (DPA). The Information Commissioner’s Office (ICO) has recently confirmed that anonymised personal data may be disclosed without the consent of the data subject, provided that the anonymised data, when linked with other information, will not lead to the identification of an individual.
SaaS Agreements – Data Protection – New Proposed EU Rules – Part 2
On the 25th of January 2012 the European Commission published a proposal for a new Data Protection Regulation to replace the existing EU Data Protection Directive. The proposal sets out a general data protection framework aimed at unifying the current differing data protection rules in the EU. Following on from my first article – part 1, I have summarised the remainder of the major changes this will make to EU data protection law below.
SaaS Agreements – Data Protection – New Proposed EU Rules – Part 1
On the 25th of January 2012 the European Commission published a proposal for a new Data Protection Regulation to replace the existing EU Data Protection Directive. The proposal sets out a general data protection framework aimed at unifying the current differing data protection rules in the EU. I have summarised the major changes this will make to EU data protection law in two articles, part 1 of which is set out below.
Website Legal Requirements – Data Commissioner Fines for Unsolicited E-mails
As a result of an amendment to the Privacy and Electronic Communications Regulations 2003 (PECR), from the 25th of May 2011 the Information Commissioner’s Office (ICO) will have the power to impose fines of up to £500,000 on companies, if they send unwanted marketing e-mails or text messages to consumers.