Tag: fines

SaaS Agreements – GDPR – US Companies

From the 25th of May 2018 the EU General Data Protection Regulation (GDPR) will come into force and change existing UK data protection laws. The GDPR does not just apply to SaaS suppliers and SaaS customers located in the EU. The GDPR also applies extraterritorially, i.e. to SaaS suppliers and SaaS customers located outside of the EU, for example in the USA, as set out below.

GDPR Applies to US SaaS Customers and SaaS Suppliers

The GDPR will apply to SaaS suppliers and SaaS customers located in the USA if:

They offer goods or services to SaaS customers located within the EU; or
They monitor the behaviour of EU data subjects;

Even though the SaaS supplier or SaaS Customer is not located within the EU.

Continue reading

SaaS Agreements – GDPR – The General Data Protection Regulation

The General Data Protection Regulation (“GDPR”) will replace the existing EU Data Protection Directive and harmonise European data protection law from the 25th of May 2018. In the UK the GDPR will replace the Data Protection Act 1998 from the 25th of May 2018, regardless of “Brexit”. This will have a significant effect on both SaaS suppliers and SaaS customers who will need to comply with the terms of the GDPR. SaaS suppliers and SaaS customers must update all contractual documents that involve data processing, such as SaaS agreements, privacy policies and hosting and support agreements to comply with the new rules under the GDPR before the 25th of May deadline.

Continue reading

SaaS Agreements – Reseller Agreements – Price Fixing

SaaS suppliers and SaaS resellers should be aware that price fixing is illegal under UK and EU competition law. Often SaaS resellers are not aware that the terms of their SaaS reseller agreement include price fixing clauses. For example: If the SaaS reseller agreement includes clause on resale price maintenance (RPM). This will usually be deemed to be price fixing by the Competition and Markets Authority (CMA) who investigates breaches of competition law in the UK.

Continue reading

SaaS Agreements – Data Protection – New obligations for SaaS Customers

From the 25th of May 2018 the EU General Data Protection Regulation (GDPR) will come into force and change existing UK data protection laws. The GDPR will place further more onerous obligations on SaaS customers (data controllers) in relation to all data processing. SaaS customers need to amend the terms of their existing SaaS agreements and privacy policies and implement the changes into internal policies and procedures in order to comply with the upcoming changes in UK data protection law.

Continue reading

SaaS Agreements – Data Protection – New Obligations for SaaS Suppliers

From the 25th of May 2018 the EU General Data Protection Regulation (GDPR) will come into force and change existing UK data protection laws. The GDPR will place direct obligations on SaaS suppliers (data processors) in relation to data processing activities. In addition SaaS customers (data controllers) and their clients (data subjects) will be able to enforce breaches of the new rules directly against SaaS suppliers. SaaS suppliers need to amend the terms of their existing SaaS agreements in order to comply with the upcoming changes in data protection law.

Continue reading

SaaS Agreements – Data Protection – Cyber Insurance

Currently most SaaS suppliers and SaaS customers do not take put specific cyber insurance and rely upon the provisions of a general insurance policy to cover liabilities in the event of a claim for a cyber incident or a data breach. This is partly due to the fact that few insurers offer adequate cyber insurance policies and SaaS customer and SaaS supplier’s failure to consider the need for a specialist policy of insurance, to ensure that they are covered in the event of a claim being denied under a general insurance policy.

Continue reading

SaaS Agreements – Data Protection – General Data Protection Regulation (GDPR)

At the end of 2015 the European Commission published the test of the new Data Protection Regulation (“GDPR”) which will replace the existing EU Data Protection Directive and harmonise European data protection law. The GDPR is expected to be adopted in Spring 2016. Once adopted, the GDPR will come into force within 2 years and in the UK the GDPR will replace the Data Protection Act 1998. This will have a significant effect on both SaaS suppliers and SaaS customers.

Continue reading

SaaS Agreements – Data Protection – Update on the EU Draft Data Protection Regulation

SaaS suppliers should be aware of the recent changes made by the EU Parliament to the draft EU Data Protection Regulation (Regulation). If this amended version of the Regulation becomes law next year the obligations of SaaS suppliers who process personal data on behalf of customers will radically change. A summary of the current main proposed provisions is set out below.

Continue reading

SaaS Agreements – Data Protection – Cyber Security Issues

SaaS Customers are increasingly raising questions about the security provisions that SaaS suppliers include in their SaaS agreements and insisting on including onerous rights of audit to monitor and check compliance. Under the UK’s Data Protection Act (DPA) SaaS customers (data controllers) are required to take appropriate technical and organisational measures to prevent the:

unauthorised or unlawful processing of personal data; and
accidental loss, destruction or damage to personal data.

In order to comply with these duties and avoid substantial fines SaaS customers need to ensure that SaaS suppliers have adequate security measures in place to prevent data protection breaches from occurring.

Continue reading