SaaS suppliers and SaaS customers currently have to comply with complicated rules and include onerous obligations in their SaaS agreements, data processing agreements and data privacy practices to lawfully make restricted transfers of personal data when providing SaaS services. Before making any restricted transfers of personal data, SaaS suppliers must ensure that the specific safeguards required under the UK GDPR and the EU GDPR are in place.
SaaS Agreements – Data Protection – Privacy Shield Approved
EU data protection law prohibits SaaS suppliers and SaaS customers from transferring personal data to countries or territories outside the EEA unless they are considered to provide adequate protection. Below is a summary of the current position following the recent announcement that the EU-US Privacy Shield has been adopted by the EU Commission and will now replace Safe Harbor.
SaaS Agreements – Data Protection – EU US Privacy Shield
A new privacy agreement called the Privacy Shield has been agreed by the US and EU to replace the safe harbour scheme. The Privacy Shield is based upon safe harbour but has additional protections, particularly with regard to public authority access to personal data. The Privacy Shield must now be reviewed by the European Commission before it can be relied upon and adopted by SaaS suppliers or customers. The European Commission is currently assessing whether or not the Privacy Shield provides adequate protection in accordance with EU data protection laws. This process is expected to take up to 3 months.
SaaS Agreements – FAQs – Transferring Data Outside the EEA
When negotiating a SaaS agreement with SaaS customers you will often need to transfer customer data outside of the EEA (European Economic Area). This could be at the request of your customer or more usually because you have a sub-contractor such as a data centre located outside of the EEA. SaaS suppliers should be aware of the following in order to comply with their duties under the Data Protection Act.
SaaS, ASP Agreements – Data Protection Issues with Sub-contractors – Standard Contractual Clauses
Using a sub-contractor to process your SaaS customer data is a problem under data protection law, where the sub-processor is based outside of the European Economic Area (EEA). Incorporating EU standard contractual clauses into your SaaS agreement is NOT the solution to this common problem. EU Standard Contractual Clauses Under
SaaS, ASP Agreements – Transfer of Personal Data outside of the EEA
There are no restrictions on transferring personal data within the EEA. However, due to the global nature of SaaS or ASP agreements, personal data often needs to be transferred outside of the EEA, for example to an IT outsourcing provider in India, a subsidiary of your company in China or a data centre or software development centre in Vietnam.
SaaS, ASP Agreements – FAQs – Data Protection
Data protection issues must be adequately covered in any SaaS agreement to protect both the supplier and the customer. Data Protection Act 1998. The Act applies to the processing of personal data, for example name/email addresses, dates of birth, national insurance number of any living individual.