Software-as-a-service: Proper contracts required

Although SaaS, a software delivery template available via the Internet, offers many options it also entails risks, particularly in the fields of privacy and continuity. By making a proper contract, you can control these risks.

The advantages that SaaS offers include a shift from fixed costs (investment in your own IT infrastructure) to variable costs (fixed fee for each user and transaction). The responsibility for keeping your own applications up-to-date is also transferred to the provider.

However, there are significant risks with SaaS. If, by using the application(s), personal data are processed (e.g. customer or employee data), the client himself will remain responsible for compliance with the requirements of the Dutch Personal Data Protection Act. In such a situation, you are even required to make a separate data processor contract.

Continuity is another item to be addressed. Any breakdown of the provider’s platform poses a direct risk to the continuity of your business. These risks may also be an issue at the end of the contract (in principle: not owning your own copy and the external environment being shared with others). You simply check the actual legal effect of the provider’s obligations (in terms of the obligation to perform to the best of one’s ability and the obligation to generate proper results). You may control these risks only if you devote proper attention to the risks that SaaS poses, both in the contract and in the service-level agreement.

For more information, please contact Kees Stuurman or Louis Jonker, IT Practice.

Return to newsletter »