European Economic Area

SaaS Agreements – Brexit – EU Data Transfers to the UK after Brexit

02/02/2018 Irene Bodle

Under EU and UK data protection laws, UK SaaS suppliers are lawfully permitted to transfer personal data of SaaS customers located in the EU to any country within the EEA. From the 30th of March 2019, when the UK leaves the EU (“Brexit Date”), the UK will no longer be part of the EEA and will become a “third country” for data protection purposes, just like the USA.

The European Commission recently confirmed in a Notice that on the Brexit Date, UK based SaaS suppliers can no longer lawfully transfer personal data of SaaS customers located in the EU (i.e. in France, Germany, Spain etc.) to the UK,

SaaS Agreements – Brexit – EU Data Transfers

10/04/2017 Irene Bodle

Once the UK leaves the EU, the UK will no longer be a member of the EEA. UK SaaS suppliers will no longer be lawfully permitted to continue to transfer personal data of EU SaaS customers to the UK unless the UK government, or alternatively SaaS suppliers themselves, put in place measures to make the transfer legal under EU data protection laws.

SaaS Agreements – FAQs – EU Standard Contractual Clauses

22/02/2016 Irene Bodle

EU model clauses are standard data processing agreements that have been approved by the EU Commission as providing adequate protection. There are currently two sets of standard contractual clauses for transfers of personal data between data controllers and one set for transfers between a data controller and a data processor. EU model clauses must be used unamended (other than where specific details may be added, as set out in the notes to the clauses).

Where personal data is transferred from:

a data controller in the EU (SaaS customer) to a data processor outside of the EEA (SaaS supplier); or
a SaaS supplier within the EU to a sub-processor located outside of the EEA;

the SaaS supplier will need to enter into EU model clauses with the SaaS customer or SaaS sub-processor, as applicable.

SaaS Agreements – FAQs – Transferring Data Outside the EEA

07/03/2013 Irene Bodle

When negotiating a SaaS agreement with SaaS customers you will often need to transfer customer data outside of the EEA (European Economic Area). This could be at the request of your customer or more usually because you have a sub-contractor such as a data centre located outside of the EEA. SaaS suppliers should be aware of the following in order to comply with their duties under the Data Protection Act.

SaaS, ASP Agreements – Data Protection Issues with Sub-contractors – Standard Contractual Clauses

22/07/2010 Irene Bodle

Using a sub-contractor to process your SaaS customer data is a problem under data protection law, where the sub-processor is based outside of the European Economic Area (EEA). Incorporating EU standard contractual clauses into your SaaS agreement is NOT the solution to this common problem. EU Standard Contractual Clauses Under

Name	Borlabs Cookie
Provider	Owner of this website
Purpose	Saves the visitors preferences selected in the Cookie Box of Borlabs Cookie.
Privacy Policy	https://www.bodlelaw.com/cookie-policy
Host(s)	www.bodlelaw.com
Cookie Name	borlabs-cookie
Cookie Expiry	90 days

Accept
Name	Google Analytics
Provider	Google LLC
Purpose	Cookies set by Google used for website analytics. Generates statistical data on how the visitor uses the website.
Privacy Policy	https://policies.google.com/privacy?hl=en
Cookie Name	_utma, _utmb, _utmc, _utmt, _utmz
Cookie Expiry	_utma : 2 Years, _utmz : 6 months, _utmb : 30 minutes, _utmt : 10 minutes _utmc : session cookie