Phil Parkinson, head of the Commercial Law team at Blacks Solicitors, shares his best advice on what software providers need to be aware of in their day-to-day work, and how to identify what may cause issues later down the line.
What services are being provided
Data protection and liability may change depending on the software provider. For example, is it software and support, or elements of implementation, that are being provided? Once a provider establishes the service they are providing, they can identify their day-to-day responsibilities.
Intellectual property rights
Software providers must understand their intellectual property (IP) rights. They need to check they have the right to use and sub-license any coding or software that is used in their practice, to prevent third-party claims for IP infringement. Intellectual property infringement is the violation of an intellectual property right and may include the software provider using a third party’s trade marks, or infringing copyright.
It is vital for a software provider to keep their own IP protected too; they must ensure that they have strong licences to use with their own customers and that any ‘right to terminate’ on the occurrence of specific events is clear.
Liability and protecting data
Software providers are liable to protect all the data they collect and must ensure that any contracts they enter into have strong clauses to assist in limiting liability.
In addition to making sure there is a strong focus on data protection, it is paramount that service providers carry out audits on how data is used. The information gathered can then be used to inform policies and contracts with other suppliers and customers that the software provider may work with.
Organisations are required to take responsibility for what they do with personal data and need to be able to demonstrate the steps in place to protect it. This is called the Accountability Principle and it is one of the key principles of UK GDPR, which places an onus on organisations such as software providers that act as data controllers.
Software providers must be able to operate in a UK GDPR compliant manner and be able to provide evidence to demonstrate this. In their day-to-day work, software providers can put in place measures to demonstrate compliance, for example, having a data protection policy, carrying out data protection impact assessments and maintaining documentation of all processing activities.
Providers must also consider where data is sent around the world and whether third parties are also processing the data. They must ensure that all third parties they work with also have strong protections around data protection.
Preparing for issues that cannot be controlled
‘Force majeure’ events, or issues that cannot be controlled, such as the 2020 Covid pandemic, highlighted the problems created for service providers when faced with circumstances they cannot control. Force majeure is a provision in a contract that frees both parties from an agreed obligation if an extraordinary event directly prevents one or both parties from performing their agreed role. It is now understood and advised that all contracts should include relevant provisions stating exactly how to deal with such events and their various implications.
Term and termination
When service providers sign contracts with individuals or third parties, they must establish how long the service will be provided for and ensure there are provisions allowing the provider to terminate the agreement if the customer is not co-operating.