SaaS Agreements – Preparing for a No Deal Brexit

Currently a “no deal Brexit” is looking likely for the 31st of October 2019. It is therefore essential that SaaS suppliers and SaaS customers take steps now to ensure that they can continue to lawfully process and transfer personal data between the EU and the UK following a no deal

Continue reading

SaaS Agreements – GDPR – Data Processing Agreement

Since the General Data Protection Regulation (GDPR) came into force on the 25th of May 2018, SaaS suppliers and SaaS customers are legally obliged to include a written data processing agreement (DPA) in the terms of their SaaS agreements. The DPA usually forms a schedule to the SaaS agreement and must include the specific and detailed mandatory obligations set out in the GDPR. SaaS suppliers should use their own DPA and resist any attempt by a SaaS customer to have them sign up to the SaaS customer’s DPA for the following reasons.

Continue reading

SaaS Agreements – Terms and Conditions – Data Processing Agreement

Under the Data Protection Act 1998 (DPA) UK SaaS suppliers currently have limited obligations to SaaS customers when processing personal data as part of their SaaS services. However, from the 25th of May 2018 the General Data Protection Regulation (GDPR) will impose numerous new data processing obligations on SaaS suppliers. In particular, the obligation for SaaS suppliers to enter into a written data processing agreement with SaaS customers and sub-contractors.

Continue reading

SaaS Agreements – SLAs – Business Continuity and Escrow Agents

SaaS customers are increasingly asking for disaster recover provisions to be included within the terms of a SaaS agreement to ensure that they have access to their data and continuity of service if a problem arises at the SaaS supplier’s data centre. The costs of providing disaster recovery used to be prohibitive, due to the requirement of having mirrored servers and transferring data, however there is now a new market opening up with former escrow providers offering a variety of disaster recovery options at affordable prices.

Continue reading

SaaS Agreements – Data Protection – Safe Harbor Still Adequate

Recently, the Department of Commerce’s International Trade Administration (ITA) – a US government body – published a document confirming that any SaaS suppliers based in the US (and/or SaaS suppliers using a data centre located in the US) who are “safe harbor” registered must be recognised as having an “adequate” level of data protection. The ITA rejected the view that EU data protection authorities can unilaterally refuse to recognise safe harbor certification as a valid means of demonstrating that a SaaS supplier based in the US (and/or SaaS suppliers using a data centre located in the US) has an adequate level of data protection.

Continue reading

SaaS Agreements – FAQs – What is a SLA?

SLA is the common abbreviation used for a service level agreement. When providing SaaS services to customers you need to include a SLA in your SaaS agreement, either as part of the main terms of your SaaS agreement or in a specific SLA schedule. A SLA should set out the following support and maintenance services that you will provide to customers to ensure that the SaaS software is made properly available to them.

Continue reading

SaaS Agreements – Data Protection – Recent ICO Fines

The Information Commissioner’s Office (ICO) has started to issue very high fines to a number of companies and individuals, not just for serious breaches of the Data Protection Act (DPA), but also for breaches of the Privacy and Electronic Communications Regulations (PECR). Below is a summary of the recent fines and the reasons for them being imposed.

Continue reading

SaaS Agreements – Terms and Conditions – Subcontractors and Outsourcing

The terms of your SaaS agreement must include the right to use sub-contractors as 99% of SaaS suppliers use at least one sub-contractor – a third party data centre – to host their SaaS software. SaaS customers often try to prohibit the use of sub-contractors or place severe restrictions on their use by insisting that they must give prior consent to each sub-contractor. This is not acceptable for practical reasons as often numerous sub-contractors are used in providing the SaaS services and these sub-contractors will change over time.

Continue reading

SaaS Agreements – FAQs – Hosting

Under the terms of your SaaS agreement you will be storing, processing and publishing customer content and data on the Internet using servers located and operated at the data centre of a third party. The third party operating the servers is known as a hosting provider. The hosting services are provided from a data centre owned and operated by the hosting provider.

Continue reading
Bodle Law