Although the number of people registering as self-employed dropped recently, it has grown a whopping 93.9% over the past 20 years. Furthermore, in 2022, there were 5.5 million private businesses in the UK, and a large majority of these were small to medium businesses with fewer than 250 employees.
A key driver in the growth of self-employment is the increasing use of Software as a Service (SaaS). But although these platforms have provided greater flexibility and helped us embrace mobile work environments instead of needing a fixed business location, SaaS comes with significant legal issues that business owners can easily underestimate. Before looking at the legal issues, let’s examine what SaaS is.
What is SaaS?
SaaS stands for Software as a Service and is essentially where software is supplied as a subscription or on a pay-per-use basis. The software is typically a cloud service hosted by the provider and is accessed by the user via a web browser. Examples can include email, payroll and accounting, HR systems, Customer Relationship Management (CRM) platforms, and other databases.
What distinguishes a SaaS platform from regular software applications?
Several factors make a SaaS platform different from a regular software application, including:
- Installation – there’s no need to install SaaS software.
- Pricing – when you purchase software, you’ll typically need to buy a licence which can be expensive. SaaS has a more flexible pricing structure and is usually available on a subscription.
- Customisation – software is generally more customisable and can be built or tweaked to meet particular customer requirements. SaaS customisation is limited to the tools made available by the provider.
- Upgrades and adding users – as your business expands, buying additional software licences can be extremely expensive. SaaS upgrades are simple and don’t require additional licences to be purchased.
- Architecture – SaaS is built on a multi-tenant architecture. Users share the same database and application, but their data is secured and only accessible to them. Regular software applications have a single-tenant architecture, meaning each user has a different server, OS, hardware, and DBMS.
Is a SaaS provider a data processor for the UK GDPR?
If a SaaS supplier processes personal data on the customer's instructions and has no reason for processing it for its own purposes, then it is a data processor. This is regardless of whether or not the SaaS supplier decides how the data will be processed.
Legal issues with SaaS Agreements
There are several SaaS legal issues both suppliers and consumers need to be aware of when negotiating a SaaS Agreement, including (but not limited to):
- How data is managed
- Intellectual property
- Liability
How data is managed
You need to determine how data protection matters (not only concerning the processing of the business customer’s data but also that of the sensitive data of consumers and suppliers) are going to be managed.
Under Article 28 of the UK GDPR, if a data controller outsources the processing of personal data, it must use “only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.”
It's important, therefore, to set out your data protection and privacy compliance policies and procedures in the SaaS Agreement or have an additional Data Processing Agreement in place.
Intellectual property
SaaS providers must safeguard their intellectual property (IP) and ensure the contract protects their IP from being transferred or used in a way that could compromise its integrity.
Liability
A clause to limit the liability of the provider should be included in the agreement to protect it if the service levels (which will also be set out in the contract) aren’t met.
How can you keep data secure with SaaS?
The multi-tenant architecture of a SaaS platform can make it vulnerable to cybersecurity threats. Therefore, you must ensure that your agreement contains specific provisions related to the mechanisms and procedures for protecting your data and the process to be followed during a data breach. The latter point is also essential to ensure UK GDPR compliance.
Get legal assistance from LawBite
SaaS has transformed the way we work, allowing for agility and cost-savings unimaginable as little as a decade ago. Like most new developments, the legal issues related to SaaS products are untested, with progress rapidly outpacing case law and legislation which SMEs rely on to provide legal certainty. Therefore, both parties to a SaaS Agreement should invest in expert legal advice to protect their interests.
If you have any Software as a Service legal issues or concerns, don’t hesitate to contact us. Our expert lawyers can help you ensure you comply with data protection law, protect your intellectual property, and have all the right contracts in place to protect your business. To learn more, book a free 15-minute consultation with one of our expert lawyers or call us on 020 3808 8314.