As business people we all know the substantial advantages of putting software onto cloud based systems. Indeed one of the biggest growth areas of our contract work has been helping developers and customers tailor software as a service or SaaS agreements that meet their needs.
The advantages of using SaaS are obvious. You no longer need to take up space on your own servers and IT systems to store software and data. Software versions are automatically updated and provided there is Wi-Fi access an end user can often access systems as they move about. The down side can be data security and compliance with the Data Protection Act 1998 (DPA).
So here are a few tips for users and developers:
1.If you are putting sensitive personal data into a cloud based system, then make sure you have the data subject’s consent. If you are a SaaS provider you may want to expressly request your customers comply with that and provide a warranty that they’ve done so.
2. It is always a good idea to insure a risk in business. Data losses and breaches can be insured and either or both parties may wish to look at this. Often reviewing the risks helps businesses be better prepared for any problems which may arise. If you’re a supplier of SaaS then make sure your insurance liability is capped and proportionate to the responsibility you face.
3. Be aware of the issues that arise from storing data outside the EU. If you provide SaaS and some of your data centres are outside the EU then make sure your clients know of this and get written consent from your customers to host data in other locations. If you are a user of SaaS then ask your provider where and how your data is stored.
4. Under the Data Protection Act 1998, businesses are required to take appropriate technical measures to ensure that data is safe and that data can’t be easily lost, stolen or damaged. In some circumstances the SaaS provider will have to comply with the customer’s specific security requirements.
5. In 2018 the EU are issuing a further regulation on Data Protection and the Data Regulation is expected to supersede the DPA. As we all know the gloves are off with the Brexit campaign, but the short point is that even if we leave the EU, the Regulation will impact SaaS and customers based in the UK.
6. If you have any questions about SaaS or other types of software services, then we’d be delighted to help. Our first 20 minute interviews are undertaken at no cost to you.
If you want to discuss this or any related Intellectual Property matters, please get in touch with us on 0113 237 9900 (Leeds Office) or 0207 4128372 (London Office).