Thinking about data sharing agreements

The sharing of personal data by businesses and other organisations is, within Europe and to an extent outside Europe, subject to the General Data Protection Regulation (GDPR). If your organisation is sharing personal data with another organisation, you should be thinking about the legal implications of the sharing.

How to write a data breach notification policy

Businesses and other institutions collect and generate vast amounts of data about the individuals with whom they come into contact.  Many organisations hold records relating to millions of individuals.  Some of this data is highly confidential; and the theft or unauthorised disclosure of even non-confidential this data can cause real damage.  Security incidents involving personal data are reported in the media every day.

How the GDPR will damage personal data security

The GDPR should enhance the protection of personal data across the EU and beyond. That's one of the core functions of the legislation - along with improved harmonisation of data protection law within the EU. However, having spent much of the last 9 months helping clients to prepare for the GDPR, I'm concerned that the new law may have some material negative effects on privacy protection.

GDPR, sub-processors and authorisations

Article 28(2) GDPR provides that a processor of personal data "shall not engage another processor without prior specific or general written authorisation of the controller. In the case of general written authorisation, the processor shall inform the controller of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes."

This provisions is puzzling in (at least) two respects.

Consumer Rights Act 2015: updated contracts

The Consumer Rights Act 2015 comes into force on 1 October 2015. The Act has far-reaching implications for business providing goods, services and digital content to consumers. I've just finished updating the templates on to take account of the new rules. The updated documents are listed below.

SaaS reseller agreements revisited

Back in October 2012 I wrote this post on the different relationship models that may be used in software-as-a-service (SaaS) channel partner agreements. To my surprise, the post provoked quite some interest. Since 2012, I've drafted and negotiated many more such agreements. Nonetheless, I still find that SaaS reseller agreements can be tricky; and if the initial approach isn't right, you can waste a lot of drafting and negotiation time.