As a SaaS Supplier or SaaS customer you will be aware that the UK plans to leave the EU on the 29th of March 2019 – Brexit. In light of the various leaving scenarios currently being discussed of which a “no deal Brexit” is looking likely, it is essentail that SaaS suppliers and SaaS customers take steps now to ensure that they can continue to lawfully process and transfer personal data between the EU and the UK following Brexit.Continue reading
Similar to the rules under the Safe Harbor scheme, SaaS customer and SaaS suppliers need to self-certify their compliance with the principles of the Privacy Shield. The following are the core principles which must be adhered to.
Notice must be given to data subjects about specific issues;
Choice to opt out of disclosure of data to third parties;
Accountability for onward transfer to third parties;
EU data protection law prohibits SaaS suppliers and SaaS customers from transferring personal data to countries or territories outside the EEA unless they are considered to provide adequate protection. Below is a summary of the current position following the recent announcement that the EU-US Privacy Shield has been adopted by the EU Commission and will now replace Safe Harbor.Continue reading
A new privacy agreement called the Privacy Shield has been agreed by the US and EU to replace the safe harbour scheme. The Privacy Shield is based upon safe harbour but has additional protections, particularly with regard to public authority access to personal data. The Privacy Shield must now be reviewed by the European Commission before it can be relied upon and adopted by SaaS suppliers or customers. The European Commission is currently assessing whether or not the Privacy Shield provides adequate protection in accordance with EU data protection laws. This process is expected to take up to 3 months.Continue reading
When negotiating a SaaS agreement with SaaS customers you will often need to transfer customer data outside of the EEA (European Economic Area). This could be at the request of your customer or more usually because you have a sub-contractor such as a data centre located outside of the EEA. SaaS suppliers should be aware of the following in order to comply with their duties under the Data Protection Act.Continue reading