SaaS Agreements – Data Protection – Cyber Security Issues

SaaS customers are increasingly raising questions about the security provisions that SaaS suppliers include in their SaaS agreements and insisting on including onerous rights of audit to monitor and check compliance. Under the UK’s Data Protection Act (DPA), SaaS customers (data controllers) are required to take appropriate technical and organisational measures to prevent the:

unauthorised or unlawful processing of personal data; and
accidental loss, destruction or damage to personal data.

In order to comply with these duties and avoid substantial fines, SaaS customers need to ensure that SaaS suppliers have adequate security measures in place to prevent data protection breaches from occurring.


SaaS Agreements – Data Protection – Recent ICO Fines

The Information Commissioner’s Office (ICO) has started to issue very high fines to a number of companies and individuals, not just for serious breaches of the Data Protection Act (DPA), but also for breaches of the Privacy and Electronic Communications Regulations (PECR). Below is a summary of the recent fines and the reasons for them being imposed.

Bodle Law