SaaS Agreements – GDPR – Data Protection Act 2018

The UK Data Protection Act 2018 Act came into force on the 25th of May 2018 (“DPA”).

The DPA replaces the Data Protection Act 1998 in its entirety and applies the standards of the General Data Protection Regulation (“GDPR), whilst also attempting to prepare the UK data protection law for Brexit. SaaS customers and SaaS suppliers should familiarise themselves with the terms of the DPA in addition to the provisions of the GDPR – as both apply. The DPA also includes a number of derogations from the GDPR.

Continue reading

SaaS Agreements – GDPR – Age of Consent

The General Data Protection Regulation (“GDPR”) and the new Data Protection Act 2018 (“DPA”) now apply in the UK. SaaS suppliers and SaaS customers must comply with the terms of both the GDPR and the DPA. SaaS suppliers and SaaS customers should be aware that the GDPR does not fully harmonise data protection law throughout Europe, as each EU country may introduce their own requirements in certain instances (“derogations”). SaaS suppliers and SaaS customers who operate in, or collect or process personal data from persons located in different EU countries need to be aware of the different rules in each EU country.

Continue reading

SaaS Agreements – GDPR – New German Data Protection Law (BDSG)

The General Data Protection Regulation (GDPR) will replace the existing EU Data Protection Directive and aims to harmonise European data protection law from the 25th of May 2018. In Germany, the Government has already amended the existing German Data Protection Act (BDSG) and from the 25th of May 2018 the New German Data Protection Act (New BDSG) and the GDPR will apply together.

Compliance with the New BDSG

Both SaaS suppliers and SaaS customers who provide services to German clients or who collect or process personal data of German data subjects on behalf of international SaaS clients, will need to comply with the terms of the New BDSG in addition to the terms of the GDPR. The New BDSG sets out derogations from certain parts of the GDPR and additional obligations.

Continue reading
Bodle Law