It’s time to spring-clean your IT contracts


The start of a new year is a time for review and planning, in business, as well as in our personal lives. It’s likely that you will be focused on finalising your company’s objectives and strategy for the year ahead. But it’s also important to consider whether the tools and processes that you have in place remain fit for purpose – and that includes your contract templates and contractual risk and compliance processes.

When it comes to the law, “the only thing that is constant is change”. Without fail, each year brings the introduction of new legislation, case law and regulatory guidance that may have an impact on your contracts – whether it’s the terms of use or privacy policy for your website or app, or the contract terms that you use when supplying or purchasing technology services. Therefore, it’s important to carry out a regular review of your contract terms (and any existing contracts) to make sure that they remain compliant with law and are future-proofed as much as possible in terms of new legal and regulatory developments that you know are around the corner.

If you haven’t reviewed your standard terms for some time, here are some of the recent changes that you may have missed.

Data Protection

Are you ready for the new EU data protection law, the General Data Protection Regulation (“GDPR”)? The GDPR comes into force on 25 May 2018 and will apply to the UK as long as it remains a member of the EU. So, for now, the prudent approach is to make sure that your privacy policy and any technology contracts which involve data processing are compliant with the GDPR. When the UK is no longer part of the EU, the GDPR will no longer apply – because it’s an EU regulation. In those circumstances, depending on what the UK does, personal data could only be exported by an EU business to the UK if the UK is considered to provide an “adequate level of protection”. This may require businesses to put in place alternative data transfer arrangements (such as standard contractual clauses) until the UK’s adequacy status is confirmed. Accordingly, where your contract will involve the transfer of data from the EU to the UK, it would be prudent to build into the contract now a mechanism to introduce such alternative arrangements, if and when required.

Modern Slavery Act

The Modern Slavery Act (“Act”) was introduced in October 2015 and requires commercial organisations with a minimum annual turnover of £36 million to produce annual slavery and human trafficking statements. Customers should consider adding appropriate provisions to their standard contracts to deal with compliance with the Act (consistent with the approach typically taken in respect of compliance with bribery and corruption laws). For example, imposing an obligation on the supplier to comply with the Act and ensure compliance throughout its supply chain, together with appropriate warranties and representations, reporting obligations, audit rights and termination rights.

Consumer Protection

In October 2015 the UK introduced a new Consumer Rights Act (“CRA”). If you are involved in providing products or services to consumers and haven’t already done so, you need to review your consumer contracts and website terms to ensure compliance with the CRA.

In October 2016, the CMA published research which revealed that only 15 percent of UK businesses surveyed were familiar with the CRA and 54 percent didn’t fully understand the rules on unfair contract terms. The research also revealed that some businesses may copy terms from larger businesses or competitors, assuming incorrectly that these will be automatically fair and legally binding.

In addition, note that the 2016 European Court of Justice case VKI v Amazon made clear that consumers are always entitled to mandatory consumer protections applicable in the country where they live. Accordingly, if you enter into cross-border contracts with EU consumers and your standard terms impose the law where you are established, this will be unfair if it gives the consumer the impression that only that law applies. Standard consumer terms will need to be updated to make clear that a consumer will benefit from any mandatory consumer protections of the law of their country of residence and that nothing in the terms will affect those rights.

Trade Secrets

In May 2016 a new Trade Secrets Directive (“Directive”) was passed. EU Member States have two years from adoption to implement the Directive into their national laws. To benefit from the Directive’s protections, companies with valuable trade secrets should begin thinking about potential changes to their contracts, processes and procedures now, ahead of the implementation deadline. That includes checking template confidentiality agreements to ensure trade secrets are adequately protected (including with respect to reverse engineering of trade secrets), checking whether existing agreements adequately protect trade secrets, and reviewing employment contracts and whistleblowing policies.

Regulatory Guidance

It’s also important to check whether there has been any recent regulatory guidance impacting your goods or services which needs to be accounted for in your standard technology contracts. For example, in July 2016, the FCA issued its final guidance on the use of cloud computing. The guidance lists a number of areas that regulated firms should consider when using cloud-based services and that firms will need to take into account when formulating the cloud agreement.


The impact of Brexit will continue to be a dominant legal concern in 2017. The UK government have indicated that the formal Article 50 notification will be made by the end of March 2017. Although we don’t yet know what form the UK’s new arrangements with the EU will take post-Brexit, organisations should be considering now the potential impact of Brexit on their technology contracts. This will help to ensure that risks are mitigated as much as possible, whichever Brexit model is ultimately adopted. As outlined in a previous blogpost, companies will need to consider issues such as:

- the length of term of the contract;

- how liability for monitoring and the costs of changes in law are apportioned between the parties;

- the potential impact on the location of services;

- whether any specific termination rights are required;

- data privacy implications (see above);

- dealing with references to the EU or EEA in the contract; and

- how disputes will be handled post-Brexit, given the uncertainty in terms of jurisdiction and enforcement if the UK isn’t subject to EU law.

It’s important to take time now to make sure your contracts are up-to-date, not least because 2017 is set to be another busy year.


Copyright © 2017 IDG Communications, Inc.
