SaaS suppliers must have adequate data protection policies, procedures and checks in place when employees or third parties are handling SaaS customer data or face the risk of being heavily fined by the Information Commissioner’s Office (ICO) for breaches of the Data Protection Act 1998 (DPA).
Continue readingTag: ICO
SaaS Agreements – Data Protection – Customer Privacy Policy
SaaS Customers often ask or expect SaaS supplier’s to provide them with a privacy policy for use in conjunction with their SaaS products. SaaS suppliers should firmly refuse such requests. Firstly, as they could face liability claims from the customer if the privacy policy is in appropriate and secondly while you will have no adequate knowledge of the issues set out below, which will need to be covered in the privacy policy.
Continue readingSaaS Agreements – Data Protection – Anonymising Data
Often SaaS suppliers or SaaS customers anonymise personal data for use in statistical or marketing information but are unaware that by using such anonymised data they could be breaching the Data Protection Act 1998 (DPA). The Information Commissioner’s Office (ICO) has recently confirmed that anonymised personal data may be disclosed without the consent of the data subject, provided that the anonymised data when linked with other information will not lead to the identification of an individual.
Continue reading