From the 25th of May 2018 the EU General Data Protection Regulation (GDPR) will come into force and change existing UK data protection laws. The GDPR will place further more onerous obligations on SaaS customers (data controllers) in relation to all data processing. SaaS customers need to amend the terms of their existing SaaS agreements and privacy policies and implement the changes into internal policies and procedures in order to comply with the upcoming changes in UK data protection law.
Continue readingTag: SaaS expert
SaaS Agreements – Data Protection – New Obligations for SaaS Suppliers
From the 25th of May 2018 the EU General Data Protection Regulation (GDPR) will come into force and change existing UK data protection laws. The GDPR will place direct obligations on SaaS suppliers (data processors) in relation to data processing activities. In addition SaaS customers (data controllers) and their clients (data subjects) will be able to enforce breaches of the new rules directly against SaaS suppliers. SaaS suppliers need to amend the terms of their existing SaaS agreements in order to comply with the upcoming changes in data protection law.
Continue readingSaaS Agreements – Data Protection – Cyber Insurance
Currently most SaaS suppliers and SaaS customers do not take put specific cyber insurance and rely upon the provisions of a general insurance policy to cover liabilities in the event of a claim for a cyber incident or a data breach. This is partly due to the fact that few insurers offer adequate cyber insurance policies and SaaS customer and SaaS supplier’s failure to consider the need for a specialist policy of insurance, to ensure that they are covered in the event of a claim being denied under a general insurance policy.
Continue readingSaaS Agreements – Data Protection – Privacy Shield Approved
EU data protection law prohibits SaaS suppliers and SaaS customers from transferring personal data to countries or territories outside the EEA unless they are considered to provide adequate protection. Below is a summary of the current position following the recent announcement that the EU-US Privacy Shield has been adopted by the EU Commission and will now replace Safe Harbor.
Continue readingSaaS Agreements – FAQs – Disaster Recovery
Do SaaS suppliers need to included disaster recovery provisions in a SaaS agreement? If so, what provisions should be included and where.
Continue readingSaaS Agreements – Terms and Conditions – Limitation Clauses
SaaS suppliers should always include limitation clauses in their SaaS terms and conditions to attempt to limit or exclude liability for certain types of losses and to cap their financial liability for breaches of contract. However, in order for limitation clauses to be valid, SaaS suppliers must ensure that the wording of the limitation clause is clear and unambiguous, otherwise the whole clause could be ruled void by a court and the SaaS supplier’s liability will then be unlimited.
Continue readingSaaS Agreements – FAQs – Reseller Agreements
SaaS suppliers who decide to use a local partner to resell their SaaS software to customers outside of the countries in which they are based, will need to have a reseller/distributor agreement in place between themselves and each SaaS reseller/distributor. What is a SaaS Reseller/Distributor? A SaaS reseller is the same as a SaaS distributor. A reseller/distributor purchases the supplier’s SaaS software and services under the terms of a reseller/distribution agreement. The SaaS reseller/distributor then resells the SaaS software and services to its own local customers in its local territory
Continue readingSaaS Agreements – Data Protection – General Data Protection Regulation (GDPR)
At the end of 2015 the European Commission published the test of the new Data Protection Regulation (“GDPR”) which will replace the existing EU Data Protection Directive and harmonise European data protection law. The GDPR is expected to be adopted in Spring 2016. Once adopted, the GDPR will come into force within 2 years and in the UK the GDPR will replace the Data Protection Act 1998. This will have a significant effect on both SaaS suppliers and SaaS customers.
Continue readingSaaS Agreements – Data Protection – EU US Privacy Shield
A new privacy agreement called the Privacy Shield has been agreed by the US and EU to replace the safe harbour scheme. The Privacy Shield is based upon safe harbour but has additional protections, particularly with regard to public authority access to personal data. The Privacy Shield must now be reviewed by the European Commission before it can be relied upon and adopted by SaaS suppliers or customers. The European Commission is currently assessing whether or not the Privacy Shield provides adequate protection in accordance with EU data protection laws. This process is expected to take up to 3 months.
Continue readingSaaS Agreements – Data Protection – Direct Marketing Rules
In September 2013 the Information Commissioner’s Office (ICO) published a lengthy guide to Direct Marketing. The guide covers compliance with the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications Regulations 2003 (PECR) in relation to the sending of unsolicited marketing. SaaS suppliers who are sending unsolicited marketing to SaaS customers and prospective customers should check their compliance with the guidance. Additionally, the Direct Marketing Association (DMA) has also published its own further supplemental guide which provides detailed guidance on how and when to obtain consent to marketing
Continue reading