Recently SaaS suppliers have seen a marked increase in EU customers raising concerns about disclosure of their data to US law enforcement authorities under the Patriot Act – an American anti-terrorism law – particularly where the SaaS supplier has a parent company in the USA or data is being hosted or processed in the USA.Continue reading
What are Binding Corporate Rules?
BCR’s are a set of rules adopted within a particular company or corporate group that provide legally binding protections for data processing within the company or group to cover global data transfers.Continue reading
As a result of an amendment to the Privacy and Electronic Communications Regulations 2003 (PECR), from the 25th of May 2011 the Information Commissioner’s Office (ICO) will have the power to impose fines of up to £500,000 on companies, if they send unwanted marketing e-mails or text messages to consumers.Continue reading
On the 8th of February 2011 Ealing and Hounslow Councils were fined £80,000 and £70,000 respectively by the Data Commissioner for serious breaches of the Data Protection Act (DPA) following the theft of two laptops from the house of an employee of Ealing Council.Continue reading
Using a sub-contractor to process your SaaS customer data is a problem under data protection law, where the sub-processor is based outside of the European Economic Area (EEA). Incorporating EU standard contractual clauses into your SaaS agreement is NOT the solution to this common problem. EU Standard Contractual Clauses UnderContinue reading