As a SaaS Supplier or SaaS customer you will be aware that the UK plans to leave the EU on the 29th of March 2019 – Brexit. In light of the various leaving scenarios currently being discussed of which a “no deal Brexit” is looking likely, it is essentail that SaaS suppliers and SaaS customers take steps now to ensure that they can continue to lawfully process and transfer personal data between the EU and the UK following Brexit.Continue reading
EU model clauses are standard data processing agreements that have been approved by the EU Commission as providing adequate protection. There are currently two sets of standard contractual clauses for transfers of personal data between data controllers and one set for transfers between a data controller and a data processor. EU model clauses must be used unamended (other than where specific details may be added, as set out in the notes to the clauses).
Where personal data is transferred from:
a data controller in the EU (SaaS customer) to a data processor outside of the EEA (SaaS supplier); or
a SaaS supplier within the EU to a sub-processor located outside of the EEA;
the SaaS supplier will need to enter into EU model clauses with the SaaS customer or SaaS sub-processor, as applicable.Continue reading
Using a sub-contractor to process your SaaS customer data is a problem under data protection law, where the sub-processor is based outside of the European Economic Area (EEA). Incorporating EU model clauses into your SaaS agreement is NOT the solution to this common problem. EU Model Clauses Under data protectionContinue reading