On the 16th of July 2020 the EU-US Privacy Shield was ruled invalid with immediate effect by the European Court of Justice (“CJEU”). The steps that SaaS suppliers now need to take depend on the scale and type of international data flows and the transfer mechanisms used. If you rely solely upon the EU-US Privacy Shield for transfers to the US, you must replace the Privacy Shield with the EU Commission’s Standard Contractual Clauses (“SCCs”).
Tag: guidance
SaaS Agreements – Brexit – Transition Period
Brexit has now taken place and the UK has left the EU. However, until the end of the transition period the UK is still treated as being part of the EU to enable an EU trade deal to be negotiated. This means that although SaaS suppliers and SaaS customers can continue to lawfully process and transfer personal data between the EU and the UK until the expiry of the transition period on the 31st of December 2020, SaaS suppliers and SaaS customers still need to take action now to amend existing documents to reflect the fact that the UK is no longer part of the EU.
SaaS Agreements – Brexit – Need for an EU Representative
A “no deal Brexit” is looking likely for the 31st of October 2019. SaaS suppliers and SaaS customers need to take steps now to ensure that they comply with the requirement to appoint an EU Representative under the GDPR, where they will no longer have any establishment in the EU after Brexit.
SaaS Agreements – Preparing for a No Deal Brexit
Currently a “no deal Brexit” is looking likely for the 31st of October 2019. It is therefore essential that SaaS suppliers and SaaS customers take steps now to ensure that they can continue to lawfully process and transfer personal data between the EU and the UK following a no deal Brexit.
SaaS Agreements – Data Protection – Brexit Update
UK SaaS Agreements: In light of the various leaving scenarios of which a “no deal Brexit” is looking likely, it is highly advisable that SaaS suppliers and SaaS customers now take steps to ensure that they can continue to lawfully process and transfer personal data between the EU and the UK following Brexit.
SaaS Agreements – Data Protection – Direct Marketing Rules
In September 2013 the Information Commissioner’s Office (ICO) published a lengthy guide to Direct Marketing. The guide covers compliance with the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications Regulations 2003 (PECR) in relation to the sending of unsolicited marketing. SaaS suppliers who are sending unsolicited marketing
Website Legal Requirements – Cookies – Non-compliance of Public Authority Websites
As a result of changes to the EU Privacy and Electronic Communications Directive it is unlawful to use cookies to collect user data without first obtaining explicit consent. In a recent audit of over 600 public sector websites only 1% complied with the new cookie law.
Website Legal Requirements – Cookies and Consent Policies
As a result of changes to the EU Privacy and Electronic Communications Directive, it is now unlawful to use cookies to collect user data without first obtaining explicit consent. Accordingly, the Information Commissioner’s Office (ICO), which is responsible for ensuring that websites comply with the new cookie law, has implemented a technical solution on its own website with the result that traffic to it plummeted.