It is important for a SaaS supplier to understand the legal obligations imposed upon them as a data processor when negotiating a SaaS agreement and a data processing agreement (“DPA“) as the duties of a data processor are not the same as the duties of a data controller. In a SaaS relationship the supplier is always the data processor of the SaaS customer. The SaaS customer is always the data controller of the SaaS supplier. Who is a Data Processor Articel 4(8) of the GDPR defines a data processor as:
Continue readingTag: subject access request
SaaS Agreements – Confidential Information – FOIA and SARs
SaaS suppliers are increasingly dealing with subject access requests (SARs) and freedom of information requests (FOIAs) in relation to SaaS customers. Excessive time and costs can be spent dealing with such requests, unless a SaaS supplier’s obligation to comply with or assist a SaaS customer with such requests is clearly defined in the terms of the SaaS agreement.
Continue readingSaaS Agreements – FAQs – Data Controller
It is important for a SaaS supplier to understand the legal obligations imposed upon a data controller when negotiating a SaaS agreement as the duties of a data controller are not the same as the duties of a data processor. In a SaaS relationship the supplier is always the data processor of the SaaS customer. The SaaS customer is always the data controller. Below is a summary of the obligations of a data controller.
Continue reading