Data Protection has now become a central issue for Software as a Service (SaaS) companies, especially start-ups responsible for managing internal and sensitive client data.
At GECKO we manage lots of project and internal data on behalf of our clients (in partnership with Dell). A key consideration for SaaS start-ups like ourselves is keeping abreast of the constantly changing rules and regulations that apply to data management and protection around the globe.
Our Business Development Team has been closely analysing some of the key areas of Data Protection for clients based in Europe, the US and the Middle East.
The core issues and “best practices” that have emerged in this area include:-
- Data Protection requirements around Security and Location.
- What is an “Adequate” Standard of Data Protection?
- Guidance on transfers abroad.
- Countries approved by the EEA and outside of the EU “Approved” list.
Keeping in mind that anything in Ireland is managed under EU data protection law, here are a few essentials to be aware of when transferring data abroad:-
- The primary consideration arises where data is being transferred outside of the EU/EEA (EU plus Liechtenstein, Norway and Iceland), for example to the USA. In these cases organisations must get specific consent from their customers or sign up to the EU’s Model Clauses.
- Model Clauses are a fixed agreement set out by the EU, signed between (for example) GECKO and the company to which we are transferring the data. This means that if a SaaS company is transferring data to a hosting centre located in Asia, it has to get the hosting centre to sign the agreement.
- Another vital aspect of Data Protection was the Safe Harbour Agreement, which has now been invalidated. This agreement applied to American companies, so if, for example, a SaaS company used a provider like Amazon Web Services (AWS), the company would have been covered by Safe Harbour. This is no longer the case. Instead, key data storage providers (e.g. AWS, Dell, Microsoft) now offer Model Clauses to European clients to manage the transfer of data to their servers in America.
Within EU law there are Eight Key Rules of Data Protection. These are applicable to all companies and across all data.
If your organisation is dealing with international customers seeking a SaaS solution, it is vital to be fully informed of the latest rules and regulations, as data protection laws are a moving target and take many different forms in different jurisdictions.
Article published on Irish Tech News at http://irishtechnews.net/ITN3/data-protection-what-saas-companies-need-to-know-by-shane-brett/
GECKO is the first real-time programme management solution that provides organisations with a live view across a portfolio of many projects.