New GDPR Provisions, NIS 2018, and Usability Enhancements

October 2018

Following on from last month’s updates to our Web Development Agreements, we have now published updates to our Web Development and Hosting Agreements and to our standalone Website Hosting Agreement.

New and Updated Documents – Data Processing, Network & Information Systems Security and More

As with our website design and development agreements, our web development and hosting agreements have received a range of updates including comprehensive new data processing provisions designed to over any situation in which a client will be handing over personal data to a developer or hosting service provider for processing. It is important, at this point, to recall that “processing” under the Data Protection Act 2018 and GDPR is very broadly defined and essentially means doing just about anything with the data in question. In a hosting scenario, therefore, it is likely to be very important.

The new provisions are written with DPA 2018 and GDPR compliance in mind. These provisions have been designed to strike a reasonable balance between coverage, detail, and brevity. It is important to keep in mind that, in some cases, a more detailed approach may be desirable in which case a separate data processing agreement should be used and cross-referred to.

Another new addition to these documents comes in the shape of provisions relating to the Network and Information Systems Regulations 2018 (also known as the “NIS Regulations”). As part of these provisions, the developer or host provides detailed information about its security arrangements, particularly as those arrangements relate to (and affect) the client. Undertakings to cooperate with the client, particularly with respect to the client’s own obligations under the NIS Regulations, have also been included.

Please note that the NIS Regulations apply to certain ‘operators of essential services’ in key sectors such as energy, transport, healthcare, drinking water supply and distribution, and digital infrastructure, and to certain ‘Relevant Digital Service Providers’ such as online marketplace providers, search engines, and cloud computing services. This is a highly specialised area and it is strongly recommended that professional legal and technical advice be obtained.

Furthermore, as with our web design and development updates, we have done some housekeeping and have streamlined certain parts of these templates. Again, the important particulars such as the Project, Website, and Hosting Specifications and details of fees and payments should be agreed between the parties and then attached as schedules.

Finally, to bring these web development and hosting documents into line with their ‘non-hosting’ counterparts from last month’s update, new ‘pro-developer’ versions are now also available.

The contents of this Newsletter are for reference purposes only and do not constitute legal advice. Independent legal advice should be sought in relation to any specific legal matter.

Top