Following on from last month’s updates to our Web Development Agreements,
we have now published updates to our Web Development and Hosting Agreements
and to our standalone Website Hosting Agreement.
New and Updated Documents – Data Processing, Network & Information
Systems Security and More
As with our website design and development agreements, our web development
and hosting agreements have received a range of updates including
comprehensive new data processing provisions designed to over any situation
in which a client will be handing over personal data to a developer or
hosting service provider for processing. It is important, at this point, to
recall that “processing” under the Data Protection Act 2018 and GDPR is
very broadly defined and essentially means doing just about anything with
the data in question. In a hosting scenario, therefore, it is likely to be
The new provisions are written with DPA 2018 and GDPR compliance in mind.
These provisions have been designed to strike a reasonable balance between
coverage, detail, and brevity. It is important to keep in mind that, in
some cases, a more detailed approach may be desirable in which case a
separate data processing agreement should be used and cross-referred to.
Another new addition to these documents comes in the shape of provisions
relating to the Network and Information Systems Regulations 2018 (also
known as the “NIS Regulations”). As part of these provisions, the developer
or host provides detailed information about its security arrangements,
particularly as those arrangements relate to (and affect) the client.
Undertakings to cooperate with the client, particularly with respect to the
client’s own obligations under the NIS Regulations, have also been
Please note that the NIS Regulations apply to certain ‘operators of
essential services’ in key sectors such as energy, transport,
healthcare, drinking water supply and distribution, and digital
infrastructure, and to certain ‘Relevant Digital Service Providers’
such as online marketplace providers, search engines, and cloud
computing services. This is a highly specialised area and it is
strongly recommended that professional legal and technical advice be
Furthermore, as with our web design and development updates, we have done
some housekeeping and have streamlined certain parts of these templates.
Again, the important particulars such as the Project, Website, and Hosting
Specifications and details of fees and payments should be agreed between
the parties and then attached as schedules.
Finally, to bring these web development and hosting documents into line
with their ‘non-hosting’ counterparts from last month’s update, new
‘pro-developer’ versions are now also available.
The contents of this Newsletter are for reference purposes only and do not constitute
legal advice. Independent legal advice should be sought in relation to any specific