Ask HN: Dealing with EU clients requiring EU compliance
Currently I have a company from the EU wishing to use my SaaS. Without going into detail on what I do, I collect data on behalf of them and am a "data importer" as concerned by the EU.
They have provided me with a standard EU based contract (Article 26(2) of Directive 95/46/EC) to sign.
I am Australian based and have servers in the US but nothing within the EU. I only handle email and IP addresses and only ever give access to this information to the promoter or for internal use within my company.
However this contract increases my liability and obligations in reporting any data handling of their data and an obligation to respond to any person who entered data in our system and provide them access to their information or deal with how they wished. Currently this client only represents $150 per year and I am wondering what others have done in this situation, if they have faced similar situations dealing with companies in the EU.
I decided not to sign the document and give them a refund, was I over reacting? I am not a lawyer but the additional liability didn't seem worth it.
1 comment
[ 349 ms ] story [ 3284 ms ] threadWe have a small (Local Authority) customer who keeps trying to get us to indemnify their risks when upgrading networks and other infrastructure (will we guarantee our software will still run and they will suffer no data loss?) - all for a similarly priced software purchase quite a few years ago. We simply refuse but it does not stop them trying and they don't even pay for maintenance.