Do Your Commercial Contracts Need A Health Check?

Commercial contracts and terms and conditions for the supply of goods/services (T&Cs) are a vital part of any business and it’s important to ensure that these documents are maintained and updated to reflect changes in legislation.

The implementation of the General Data Protection Regulation (GDPR) on 25 May 2018 is a prime example and is a major shakeup for many UK businesses. So if you haven’t had time to address GDPR yet, it’s likely that your T&Cs will need a health check!

Complacency can be highly costly

 In order to give the GDPR the gravity that data protection deserves, the Government has adopted a range of enforcement powers, which, in some cases, could prove devastating for businesses in breach.

The risks of not updating your T&Cs to ensure that they are GDPR compliant are that your business may be subject to:

  • suspension of data processing

This is the most important sanction to be aware of for companies operating in the tech sector, as the ICO has the power to temporarily or permanently stop businesses from processing data. For companies that rely on processing data as a major part of their business operations, this has the potential to stop those businesses from trading altogether.

  • investigations by the Information Commissioner’s Office (ICO)

The ICO can undertake investigations which may result in the issuing of warnings and reprimands, ordering the rectification, restriction or erasure of data and the suspension of data transfers to third countries.

The recent action taken against Cambridge Analytica shows that the ICO is not afraid to get her hands dirty or use her wide-ranging powers. It’s likely that action by the ICO will only increase following the implementation of the GDPR.

  • administrative fines

Businesses may be fined the greater of €20,000,000 or up to 4% of annual global turnover for certain breaches. You certainly wouldn’t want to be caught by this!

  • litigation and court proceedings brought by individuals

Under the GDPR, individuals have the right to compensation resulting from a data breach. With this new right, we may also see a new type of class action emerging.

  • considerable negative press

As we have recently seen with Facebook, breaching data protection (or even alleged breaches) can cause major PR issues. Facebook’s shares fell by a staggering £35million following the Cambridge Analytica incident.

Doing nothing is simply not an option as it is unlikely that your existing agreements will contain the compulsory provisions required by GDPR.

So which provisions of your commercial contracts and terms and conditions may need to be reviewed?

1) Data Protection Provisions

Data protection provisions are certainly a good starting point for updates. The GDPR requires contractual terms between controllers and processors which address (amongst other things):

  • the security of personal data;
  • what the personal data is being used and processed for;
  • the rights and obligations of the processor;
  • the requirements to return or delete personal data when the provision of the services has ceased; and
  • on what basis sub-processors can be appointed by the processor.

2) Definitions and Terminology

The GDPR also includes certain updates to definitions previously incorporated by the Data Protection Act 1998. Each related definition in your T&Cs will need to be carefully reviewed and amended to reflect the updates in the GDPR. You may also need to include additional definitions not previously incorporated by the Data Protection Act 1998, in order to be in compliance.

3) Limitation Provisions and Indemnities

As discussed above, following the implementation of the GDPR, individuals will have greater rights to bring actions against companies and businesses for breach. The ICO will also have greater enforcement powers. It is, therefore, important to review any limitation provisions in your T&Cs to ensure that your business is best protected from any increased exposure.

Just like limitations, indemnities are a form of protection that may need to be reviewed to ensure that your business has contractual rights to recover loss, costs and expenses that may be incurred as a result of a breach by a third party, supplier, customer or user of your website.

4) Insurance

Depending on the type of business you operate, you may also wish to review any insurance provisions and obligations in your commercial contracts to ensure that the increased liability created by the GDPR is covered.

Ensuring that your commercial contracts and terms and conditions are up to date is important in any circumstance and it’s good practice to periodically review them and incorporate any necessary updates as a result of changes in legislation.

At Myerson, we have a team of GDPR experts and specialist commercial contract solicitors who have a wealth of knowledge in advising clients on a wide range of commercial contracts and terms and conditions.

We provide clients with varying levels of commercial contract health checks from a simple review and report, to undertaking business wide audits and making active and extensive contract updates to best protect our clients.

If you would like further information on our commercial contract health checks and/or GDPR and how we can assist your company and business, please call us on 0161 941 4000 or email lawyers@myerson.co.uk and ask to speak with our specialist commercial contracts and GDPR team.

 

Contact Us

Don’t get bitten by Bitcoin

CNN recently reported that the cryptocurrency market is moving towards the $350bn mark, with many initial coin offerings (ICOs) taking place in the tech sector, in particular by blockchain start-ups, which raised close to $4bn through ICOs in 2017.

It is therefore easy to see why so many investors are exploring the potential rewards in investing in the sector.

However, cryptocurrencies and ICOs have attracted a lot of criticism due to the overwhelming number of scams, failed investments and criminal activity associated with this sector. 

Google and Facebook have banned the advertising of ICOs. The US Securities and Exchange Commission has also warned that many exchanges can do what they want with your money without any repercussion, due to their unregulated nature.

The frequent emergence of fake exchanges, which are here one day and gone the next, is exacerbated by the difficulty in spotting the scams in the first place and means that many investors are left heavily out of pocket.

However, there are some sensible tips to avoid falling victim:

  • Operate only through reputable and well-known exchanges. Make sure you do your research into the history of the exchange and ensure that you are comfortable with the risks.

  • Don’t trust the “get rich quick” schemes. If a company is offering outlandish returns on investment, bitcoin mining or doubling your bitcoin, the overwhelming likelihood is that these are scams. The age-old phrase “if it sounds too good to be true” is always worth remembering.

  • Avoid links on social media. It is always better to type in the URL address of the website rather than following links to it, as these links can be hijacked or can point to spoofed addresses which are very similar to those they are copying.

  • Unsecured web links. If the web addresses of exchanges are marked as “not secured” or do not have the green “https” before the URL, then this is always a red flag. Many instances of reported fake exchanges have security errors in their web addresses and these should be avoided.

In addition, and separate from the risks of scams, it is also worth bearing in mind that many commentators have predicted that cryptocurrency is a bubble which is waiting to burst. 

Accordingly, even if you are confident that an investment opportunity in a cryptocurrency is legitimate and reputable, you should still carefully consider the risks of the investment and we would always advise you to take investment advice and proceed with extreme caution before investing in a cryptocurrency.

If you wish to discuss any aspect of this article or cryptocurrencies generally, please contact our Corporate Commercial team.

 


David versus Goliath: top tips for negotiating with tech giants

As we have increasingly become a web-based world with many businesses embracing web-based solutions, there has been a shift from traditional ‘on premise’ systems to cloud based solutions. This has paved the way for tech giants such as Amazon (via its Amazon Web Services (AWS)), Apple (via the AppStore) and Google (via Google Cloud) to firmly establish their place in the cloud services market.

Businesses use these cloud offerings to host their software applications and platforms and utilise them to supply their own services, commonly on a subscription basis.

We have also seen a rise in the number of start-ups offering innovative solutions to the giants of the tech world. Having done battle with them in contract negotiations and reconciled SaaS terms with App terms, we have some top tips for engaging with the big guns.

The pros

From a customer/business perspective, there are many benefits to using cloud-based solutions: low variable costs; the avoidance of incurring a hefty up front infrastructure expense; reliability, scalability and security.   

The giant as a client - landing a client such as Amazon or Google with their brand reputation, connections and very deep pockets could be a dream come true for a savvy supplier…

The cons

These tech giants have numerous sets of standard terms and conditions, a suite of standard contracts and an army of contract managers, in-house counsel and external legal support, all of which can be a minefield to navigate unscathed.

Standard terms tend to be heavily biased towards them as the supplier and are notoriously difficult to negotiate, so you need to be ready for a battle. However, it can and has been done…

Pick your battles

Focus on your key issues - there is room for manoeuvre, but be aware that it is limited. Identify what your key areas of risk/concern are and focus on them. Typically these are: price; payment terms; the right to cancel; liability; and service levels and support (SLAs).

Price: be wary of blanket rights to increase prices. Ideally, the price should be fixed, even on renewal. However, if this is not achievable, a fixed price period followed by capped increases could be an acceptable compromise.

Cancellation: ensure that you have the right to cancel, and that you will have the right to access and extract your data in a practical and useful way upon exit.

SLAs: ensure that you have a meaningful remedy if the service falls below the standard you expect. Consider what your greatest area of risk is and ensure that the supplier is ‘on the hook’.

Limitations: be mindful that any limitations in the service you receive will need reflecting in the terms you have in place with your customers. For example, if the hosting provider will only pay service credits when availability falls below 99.5%, do not offer your end customer service credits when availability falls below 99.9%.

IPR retention: ensuring you retain your intellectual property rights (IPR) in your product must be a high priority. If any IPRs may be developed during your relationship with your new “uber-customer”, then consideration needs to be given to who should own any such IPRs.

It is not uncommon for larger well established organisations to pressure the underdog by imposing tight timescales and rushing negotiations with minimal contact or putting up barriers to open lines of communication such as “it’s standard practice”, “we don’t negotiate our standard terms, we have them in place with all of our suppliers/customers” or “that will require board approval”. It is also worth remaining sceptical of claims that queries or attempts at negotiation are unusual or unnecessary. It is important not to become panicked by such pressure and remain confident and calm during negotiations, particularly if your request is reasonable and justified and no credible explanation or justification is offered for a flat refusal to consider it.

How we can help

At Myerson, we have a team of specialist IT solicitors who have a wealth of experience in negotiating with large tech providers and have gained valuable insights into their modus operandi.

We advise clients on a wide range of IT contracts and can assist with varying levels of contract health checks, from a simple review and report to undertaking business wide audits and making active and extensive contract updates to best protect our clients.

If you would like further information on the support we can offer during contract negotiations, our IT contract health checks and how we can assist your company and business, please call us on 0161 941 4000 or email lawyers@myerson.co.uk and ask to speak with our specialist IT team.


Blockchain – what is it?

A blockchain is essentially a distributed ledger of transactions. Transactions are recorded in blocks that are linked together in a chain that cannot be retrospectively changed. Each block of transactions is cryptographically stored on the chain and refers back to the previous block, so that an existing block on the chain cannot be changed without changing all subsequent blocks.

In general terms, the typical advantages of a blockchain network include:

  • It is a “real time” record which can be accessed and updated at the same time across the network;
  • It is encrypted;
  • It is hard to tamper with;
  • It is easy to audit;
  • It is not reliant on one single point of control.

A big security advantage to blockchain technology lies in its distributed ledger structure. A “distributed ledger” means that the blockchain information is replicated across the network by the computers that are operating on it. Because the ledger is stored in many locations it makes it much more difficult to change a block’s contents than if the ledger were held by one centralised authority. The distributed nature of the system can reduce vulnerabilities when compared to a centralised data store, because there is no single point of vulnerability.
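The block linking and ledger replication described above, shown as an added Python example that is not part of the original article. SHA-256, the block layout, the node names and the sample transactions are assumptions constructed for illustration, and consensus rules used by real networks are not modelled.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # constructed placeholder meaning "no previous block"

def block_hash(block):
    """SHA-256 over the block's transactions and its reference to the previous block."""
    body = json.dumps({"prev": block["prev"], "txs": block["txs"]}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def build_chain(batches):
    """Link each batch of transactions to the hash of the block before it."""
    chain, prev = [], GENESIS
    for txs in batches:
        block = {"prev": prev, "txs": list(txs)}
        block["hash"] = block_hash(block)
        chain.append(block)
        prev = block["hash"]
    return chain

def first_invalid(chain):
    """Audit check: index of the first block that fails verification, or None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or block_hash(block) != block["hash"]:
            return i
        prev = block["hash"]
    return None

def relink_from(chain, start):
    """Recompute hashes from `start` onward; shows an edit cannot stay local."""
    prev = chain[start]["prev"]
    for block in chain[start:]:
        block["prev"] = prev
        block["hash"] = block_hash(block)
        prev = block["hash"]
    return len(chain) - start  # number of blocks that had to change

def outlier_replicas(replicas):
    """Compare every node's latest block hash with the majority value."""
    tips = {name: chain[-1]["hash"] for name, chain in replicas.items()}
    majority, _ = Counter(tips.values()).most_common(1)[0]
    return sorted(name for name, tip in tips.items() if tip != majority)

if __name__ == "__main__":
    batches = [["A pays B 5"], ["B pays C 2"], ["C pays A 1"]]  # constructed sample
    replicas = {n: build_chain(batches) for n in ("node1", "node2", "node3")}
    tampered = replicas["node3"]
    tampered[1]["txs"][0] = "B pays C 200"   # edit one historic block on one node
    print("first invalid block:", first_invalid(tampered))
    print("blocks that must be rewritten:", relink_from(tampered, 1))
    print("nodes disagreeing with majority:", outlier_replicas(replicas))
```

Even after the edited copy is made internally consistent again, its latest hash no longer matches the copies held by the other nodes, which is what makes the change visible in an audit.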

The potential uses of blockchain

To many people the word “blockchain” is synonymous with cryptocurrencies like Bitcoin and Ethereum and the hype and potential for scandal associated with them, yet there are many exciting uses for blockchain that have little to do with its cryptocurrency origins but that may prove to be the most valuable and influential uses for this technology in years to come. Amongst the potential use cases for blockchain are transactions in digital assets and stock, smart contracts, authentication of identity documents and even digital voting.

A case study: the healthcare sector

The healthcare sector is a key area that stands to benefit from the use of blockchain technology.

Benefits:

  • Real time records: a blockchain-based system of electronic health records could mean that each patient’s record would be accessible at any time, reducing time lost waiting for transfers of records and leading to fewer mistakes (compared to current electronic health records systems, which are characterised by centralised data and a lack of systems interoperability);
  • Security advantages: vulnerabilities of current systems were exposed by the “WannaCry” ransomware issue that caused chaos across various NHS trusts in May 2017. The security advantages of blockchain could have averted or reduced the impact of these problems.
  • Encryption: healthcare and medical information is extremely sensitive; cryptography is a key element of blockchain technology.
  • Other areas: other areas where blockchain is likely to yield benefits include tracing supply chains of pharmaceuticals, improved data integrity involved in clinical trials and advantages in research from analysing the wealth of data that could be available.

Challenges:

  • Data privacy: data privacy will be a key concern and it remains to be seen how one of blockchain’s key advantages – its resistance to existing information being changed – can be reconciled with data protection obligations not to store personal data for longer than is necessary.
  • Logistical issues: any nationwide system may prove difficult to implement, not least in the UK where the long-standing project to digitise NHS records has been dogged by problems for a number of years. It would require large-scale commitments to invest in blockchain technology.

Conclusion

It may be a number of years before there is widespread adoption of blockchain-based electronic healthcare records across the public healthcare system in the UK. However, some technology companies are already looking to exploit blockchain technology in this and many other sectors. There are limitless different uses of blockchain, which is a versatile technology that is fast becoming prevalent across the modern, digital economy.

 


Meet Our Specialists

Home-grown or recruited from national, regional or City firms. Our specialists are experts in their fields and respected by their peers.

Carla Murray

Carla is a Partner in our Corporate Commercial department

Scott Sands

Scott is a Partner in our Corporate and Commercial department

Philip Ball

Philip is a Senior Solicitor in our Corporate Commercial department

Terry Moore

Terry is a Solicitor in our Corporate Commercial department
