notification – Bodle Law

SaaS Agreements – GDPR – Local Derogations

29/06/2018 Irene Bodle

The General Data Protection Regulation (“GDPR”) now applies to all SaaS customers and SaaS companies collecting or processing the personal data of individuals located within the EU. SaaS suppliers and SaaS customers must comply with the terms the GDPR. SaaS suppliers and SaaS customers should be aware that the GDPR does not however fully harmonise data protection law throughout the EU, as each EU country may introduce their own requirements in certain instances (“derogations”) under their own local data protection laws.

SaaS Agreements – GDPR – Age of Consent

12/06/2018 Irene Bodle

The General Data Protection Regulation (“GDPR”) and the new Data Protection Act 2018 (“DPA”) now apply in the UK. SaaS suppliers and SaaS customers must comply with the terms of both the GDPR and the DPA. SaaS suppliers and SaaS customers should be aware that the GDPR does not fully harmonise data protection law throughout Europe, as each EU country may introduce their own requirements in certain instances (“derogations”). SaaS suppliers and SaaS customers who operate in, or collect or process personal data from persons located in different EU countries need to be aware of the different rules in each EU country.

SaaS Agreements – GDPR – US Companies

18/01/2018 Irene Bodle

From the 25th of May 2018 the EU General Data Protection Regulation (GDPR) will come into force and change existing UK data protection laws. The GDPR does not just apply to SaaS suppliers and SaaS customers located in the EU. The GDPR also applies extraterritorially, i.e. to SaaS suppliers and SaaS customers located outside of the EU, for example in the USA, as set out below.

GDPR Applies to US SaaS Customers and SaaS Suppliers

The GDPR will apply to SaaS suppliers and SaaS customers located in the USA if:

They offer goods or services to SaaS customers located within the EU; or
They monitor the behaviour of EU data subjects;

Even though the SaaS supplier or SaaS Customer is not located within the EU.

SaaS Agreements – GDPR – The General Data Protection Regulation

18/12/2017 Irene Bodle

The General Data Protection Regulation (“GDPR”) will replace the existing EU Data Protection Directive and harmonise European data protection law from the 25th of May 2018. In the UK the GDPR will replace the Data Protection Act 1998 from the 25th of May 2018, regardless of “Brexit”. This will have a significant effect on both SaaS suppliers and SaaS customers who will need to comply with the terms of the GDPR. SaaS suppliers and SaaS customers must update all contractual documents that involve data processing, such as SaaS agreements, privacy policies and hosting and support agreements to comply with the new rules under the GDPR before the 25th of May deadline.

SaaS Agreements – Data Protection – General Data Protection Regulation (GDPR)

15/02/2016 Irene Bodle

At the end of 2015 the European Commission published the test of the new Data Protection Regulation (“GDPR”) which will replace the existing EU Data Protection Directive and harmonise European data protection law. The GDPR is expected to be adopted in Spring 2016. Once adopted, the GDPR will come into force within 2 years and in the UK the GDPR will replace the Data Protection Act 1998. This will have a significant effect on both SaaS suppliers and SaaS customers.

SaaS Agreements – Data Protection – Update on the EU Draft Data Protection Regulation

13/12/2013 Irene Bodle

SaaS suppliers should be aware of the recent changes made by the EU Parliament to the draft EU Data Protection Regulation (Regulation). If this amended version of the Regulation becomes law next year the obligations of SaaS suppliers who process personal data on behalf of customers will radically change. A summary of the current main proposed provisions is set out below.

SaaS Agreements – Data Protection – Cyber Security Issues

27/03/2013 Irene Bodle

SaaS Customers are increasingly raising questions about the security provisions that SaaS suppliers include in their SaaS agreements and insisting on including onerous rights of audit to monitor and check compliance. Under the UK’s Data Protection Act (DPA) SaaS customers (data controllers) are required to take appropriate technical and organisational measures to prevent the:

unauthorised or unlawful processing of personal data; and
accidental loss, destruction or damage to personal data.

In order to comply with these duties and avoid substantial fines SaaS customers need to ensure that SaaS suppliers have adequate security measures in place to prevent data protection breaches from occurring.

SaaS Agreements – Data Protection – New Proposed EU Rules – Part 1

02/03/2012 Irene Bodle

On the 25th of January 2012 the European Commission published a proposal for a new Data Protection Regulation to replace the existing EU Data Protection Directive. The proposal sets out a general data protection framework aimed at unifying the current differing data protection rules in the EU. I have summarised the major changes this will make to EU data protection law in two articles, part 1 of which is set out below.

SaaS, ASP Agreements – FAQs – Disaster Recovery

05/05/2010 Irene Bodle

What disaster recovery provisions need to be included in a SaaS agreement?

Name	Borlabs Cookie
Provider	Owner of this website
Purpose	Saves the visitors preferences selected in the Cookie Box of Borlabs Cookie.
Privacy Policy	https://www.bodlelaw.com/cookie-policy
Host(s)	www.bodlelaw.com
Cookie Name	borlabs-cookie
Cookie Expiry	90 days

Accept
Name	Google Analytics
Provider	Google LLC
Purpose	Cookies set by Google used for website analytics. Generates statistical data on how the visitor uses the website.
Privacy Policy	https://policies.google.com/privacy?hl=en
Cookie Name	_ga, _gid, _utma, _utmb, _utmc, _utmt, _utmz
Cookie Expiry	_ga : 2 Years, _gid : 1 day, _utmz : 6 months, utma : 2 years