SaaS Agreements – GDPR – US Companies

From the 25th of May 2018 the EU General Data Protection Regulation (GDPR) will come into force and change existing UK data protection laws. The GDPR does not just apply to SaaS suppliers and SaaS customers located in the EU. The GDPR also applies extraterritorially, i.e. to SaaS suppliers and SaaS customers located outside of the EU, for example in the USA, as set out below.

GDPR Applies to US SaaS Customers and SaaS Suppliers

The GDPR will apply to SaaS suppliers and SaaS customers located in the USA if:

They offer goods or services to SaaS customers located within the EU; or
They monitor the behaviour of EU data subjects;

Even though the SaaS supplier or SaaS Customer is not located within the EU.

Continue reading

SaaS Agreements – GDPR – The General Data Protection Regulation

The General Data Protection Regulation (“GDPR”) will replace the existing EU Data Protection Directive and harmonise European data protection law from the 25th of May 2018. In the UK the GDPR will replace the Data Protection Act 1998 from the 25th of May 2018, regardless of “Brexit”. This will have a significant effect on both SaaS suppliers and SaaS customers who will need to comply with the terms of the GDPR. SaaS suppliers and SaaS customers must update all contractual documents that involve data processing, such as SaaS agreements, privacy policies and hosting and support agreements to comply with the new rules under the GDPR before the 25th of May deadline.

Continue reading

SaaS Agreements – GDPR – New German Data Protection Law (BDSG)

The General Data Protection Regulation (GDPR) will replace the existing EU Data Protection Directive and aims to harmonise European data protection law from the 25th of May 2018. In Germany, the Government has already amended the existing German Data Protection Act (BDSG) and from the 25th of May 2018 the New German Data Protection Act (New BDSG) and the GDPR will apply together.

Compliance with the New BDSG

Both SaaS suppliers and SaaS customers who provide services to German clients or who collect or process personal data of German data subjects on behalf of international SaaS clients, will need to comply with the terms of the New BDSG in addition to the terms of the GDPR. The New BDSG sets out derogations from certain parts of the GDPR and additional obligations.

Continue reading

SaaS Agreements – Brexit – How Brexit and the GDPR will affect SaaS Businesses

SaaS suppliers should be aware that from the 25th of May 2018, the General Data Protection Regulation (GDPR) will apply directly in all Member States of the European Union (EU).

Many SaaS suppliers are concerned about their data protection obligations following “Brexit” and are unaware that they will still have obligations (as data processors) to comply with the new rules imposed by the GDPR post Brexit.

Continue reading

SaaS Agreements – Data Protection – What SaaS Suppliers need to know about the GDPR

From the 25th of May 2018 the EU General Data Protection Regulation (GDPR) will come into force and change existing data protection laws in all 28 EU member states. The GDPR will place direct obligations on SaaS suppliers (data processors) in relation to data processing activities. In addition customers (data controllers), their clients (data subjects) and local data protection authorities will be able to enforce breaches of the new rules directly against SaaS suppliers.

Continue reading

SaaS Agreements – Brexit – Amendments to Terms and Conditions

SaaS suppliers and SaaS customers are becoming increasingly concerned about the effect of “Brexit” upon the terms of their existing SaaS agreements, particularly where contracts are subject to English law or SaaS suppliers or customers are located within the UK. Below is a summary of the main issues that SaaS suppliers need to be aware of that may result in problems arising now or in the future with the terms of their existing SaaS agreements.

Continue reading

SaaS Agreements – Brexit – EU Data Transfers

Once the UK leaves the EU, the UK will no longer be a member of the EEA. UK SaaS suppliers will no longer be lawfully permitted to continue to transfer personal data of EU SaaS customers to the UK unless the UK government, or alternatively SaaS suppliers themselves, put in place measures to make the transfer legal under EU data protection laws.

Continue reading

SaaS Agreements – Reseller Agreements – Price Fixing

SaaS suppliers and SaaS resellers should be aware that price fixing is illegal under UK and EU competition law. Often SaaS resellers are not aware that the terms of their SaaS reseller agreement include price fixing clauses. For example: If the SaaS reseller agreement includes clause on resale price maintenance (RPM). This will usually be deemed to be price fixing by the Competition and Markets Authority (CMA) who investigates breaches of competition law in the UK.

Continue reading