Under the Data Protection Act 1998 (DPA) UK SaaS suppliers currently have limited obligations to SaaS customers when processing personal data as part of their SaaS services. However, from the 25th of May 2018 the General Data Protection Regulation (GDPR) will impose numerous new data processing obligations on SaaS suppliers. In particular, the obligation for SaaS suppliers to enter into a written data processing agreement with SaaS customers and sub-contractors.
Continue readingTag: data centre
SaaS Agreements – FAQs – Disaster Recovery
Do SaaS suppliers need to included disaster recovery provisions in a SaaS agreement? If so, what provisions should be included and where.
Continue readingSaaS Agreements – SLAs – Business Continuity and Escrow Agents
SaaS customers are increasingly asking for disaster recover provisions to be included within the terms of a SaaS agreement to ensure that they have access to their data and continuity of service if a problem arises at the SaaS supplier’s data centre. The costs of providing disaster recovery used to be prohibitive, due to the requirement of having mirrored servers and transferring data, however there is now a new market opening up with former escrow providers offering a variety of disaster recovery options at affordable prices.
Continue readingSaaS Agreements – Data Protection – Safe Harbor Still Adequate
Recently, the Department of Commerce’s International Trade Administration (ITA) – a US government body – published a document confirming that any SaaS suppliers based in the US (and/or SaaS suppliers using a data centre located in the US) who are “safe harbor” registered must be recognised as having an “adequate” level of data protection. The ITA rejected the view that EU data protection authorities can unilaterally refuse to recognise safe harbor certification as a valid means of demonstrating that a SaaS supplier based in the US (and/or SaaS suppliers using a data centre located in the US) has an adequate level of data protection.
Continue readingSaaS Agreements – FAQs – What is a SLA?
SLA is the common abbreviation used for a service level agreement. When providing SaaS services to customers you need to include a SLA in your SaaS agreement, either as part of the main terms of your SaaS agreement or in a specific SLA schedule. A SLA should set out the following support and maintenance services that you will provide to customers to ensure that the SaaS software is made properly available to them.
Continue readingSaaS Agreements – Data Protection – Recent ICO Fines
The Information Commissioner’s Office (ICO) has started to issue very high fines to a number of companies and individuals, not just for serious breaches of the Data Protection Act (DPA), but also for breaches of the Privacy and Electronic Communications Regulations (PECR). Below is a summary of the recent fines and the reasons for them being imposed.
Continue readingSaaS Agreements – Terms and Conditions – Subcontractors and Outsourcing
The terms of your SaaS agreement must include the right to use sub-contractors as 99% of SaaS suppliers use at least one sub-contractor – a third party data centre – to host their SaaS software. SaaS customers often try to prohibit the use of sub-contractors or place severe restrictions on their use by insisting that they must give prior consent to each sub-contractor. This is not acceptable for practical reasons as often numerous sub-contractors are used in providing the SaaS services and these sub-contractors will change over time.
Continue readingSaaS Agreements – FAQs – Hosting
Under the terms of your SaaS agreement you will be storing, processing and publishing customer content and data on the Internet using servers located and operated at the data centre of a third party. The third party operating the servers is known as a hosting provider. The hosting services are provided from a data centre owned and operated by the hosting provider.
Continue readingSaaS Agreements – SLA – Security Issues
As a SaaS supplier you will have noticed the increasing concerns about security voiced by SaaS customers. Your SaaS agreement should provide comfort to your customer by including security provisions in the service level agreement (SLA). The specifc matters covered will depend on a number of factors set out below.
Continue readingSaaS, ASP Agreements – FAQs – Disaster Recovery
What disaster recovery provisions need to be included in a SaaS agreement?
Continue reading