Hughes Paddison is delighted to warmly welcome Heidi Aitken to the Equity Partnership. Here we celebrate her career so far and hear about her plans, as an Equity Partner.
- Telephone 01242 574244
- Fax 01242 221631
- Email info@hughes-paddison.co.uk
Search site
Contact our office
Make an enquiry
Blog
The extent of each party’s liability is a key part of a commercial contract and is likely to be subject to extensive negotiation. An indemnity is a promise usually made in a contract to pay money out on the occurrence of a specified event. It aims to protect Part A from suffering a financial loss arising out of the conduct of Party B, over which Party A has no control. Indemnities are important because it is much easier for an indemnified party to establish and recover their loss under an indemnity than through a normal breach of contract claim.
A service agreement which involves the processing of personal data (which includes the personal data of a contracting party’s customers) must include provisions relating to data protection. It is common for the contracting party to insist on an indemnity from the supplier for losses resulting from a breach of data protection provisions, including any fines imposed on them.
In July 2019 the Information Commissioner’s Office (ICO) published its intention to fine British Airways £183.39 million for breaches of the General Data Protection Regulations 2018 (“GDPR”). In October 2020 this fine was ultimately reduced to £20m. This stemmed from a cyber incident where user traffic to the British Airways site was diverted to a fraudulent site. As a result, approximately 500,000 customer details were obtained by attackers. At present, the highest maximum fine that the ICO can impose is 20 million Euros (or equivalent in sterling) or 4% of the total annual worldwide turnover in a company’s preceding financial year, whichever is higher.
In our digital world, cyber security threats are a reality for all businesses with an online presence. The British Airways case did not involve a breach of GDPR arising from the fault of a third party supplier. However, the seriousness of the GDPR breach and steep fine highlights how critical it is for a business to have recourse against a supplier who fails to safeguard their personal data, or any part of the business in which they have a responsibility under the service agreement. It is equally as important for a supplier to know what they are signing up to do and the extent of their liability under any indemnities.
Under the GDPR, a contract relating to the processing of personal data must include certain clauses and would normally include the following requirements for the supplier:
Typically the customer (as the data controller) may seek an uncapped indemnity from the supplier in full against all liabilities, costs, expenses, damages and losses (including any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other reasonable professional costs and expenses) suffered or incurred by the customer arising out of or in connection with any claim brought against them in relation to breaches of data protection clauses within the service agreement.
An uncapped indemnity leaves a supplier open to an unlimited claim from the customer. If British Airways was able to establish that the data breach resulted from a failure of its supplier then that supplier may have been liable for £20 million which would have been unlikely to be covered by its insurance. This is why it is important for any prospective supplier to negotiate a cap on their liability.
A supplier should consider limiting its liability in the following ways:
Whatever the commercial agreement, you should always review the terms carefully and pay particular attention to indemnities and limitations on liability. If you would like us to help your business please contact our Corporate and Commercial Team on 01242 574244 or e-mail Head of Department, Jon Rathbone.
The information contained on this page has been prepared for the purpose of this blog/article only. The content should not be regarded at any time as a substitute for taking legal advice.
Hughes Paddison is delighted to warmly welcome Heidi Aitken to the Equity Partnership. Here we celebrate her career so far and hear about her plans, as an Equity Partner.
What our clients say
“Hughes Paddison have provided assistance on numerous occasions consistently acting in an exemplary fashion whilst dealing with all aspects of the issue at hand. It is extremely reassuring to know that our company is represented by such a competent and professional firm.”– Commercial Director, Ferroli Limited
““Jennifer was most helpful, frequently explaining the legal jargon with ease and doing so in an effective manner. This very much helped me follow along with what at times seemed like a daunting process - Jennifer’s ability to explain things clearly made the whole process much easier to deal with.””– Anon
“Just a quick note to say a huge thankyou to both yourself and Jess for the service that you have given me over the last few months. It all seems to have been done with the minimum of fuss which has certainly taken away an element of stress that comes along with selling your house. I now see why you guys came as a recommendation and look forward to dealing with you both again when we purchase our new house next year.”– Anon
“Just a note to say thank you very much to you and your colleagues for dealing with the sale of our late Mum’s property. The service we received was excellent and you were able to resolve all the problems that cropped up!”– Anon
“Jennifer provided sound professional legal advice which I needed to help me to sort out the legal and financial aspects of a difficult personal situation. I wouldn't hesitate to go to her with any family legal matters I have in future.”– R
“Having the support of Marcus throughout what has been a very painful divorce has really helped me get through the last 18 months. Although this has personally been a very difficult process, I know that Marcus has done everything possible to make it as smooth as it can be. I really appreciate the honest, open feedback to all of my questions and also how quickly he responded to them. Above all else, Marcus really does seem to care about his clients and their families. I never had the feeling that this was just a job for Marcus, and I’m so grateful that I was fortunate enough to have had Marcus recommended to me when I did.”– R
“When you use a solicitor its usually in times of need, when you require expert advice and reassurance. This is exactly what our company has received from Hughes Paddison Solicitors and in particular Kimberly Whalen-Blake. Not only is Kimberly extremely well informed and professional; she is also personable and easy to communicate with. She responds to messages and emails promptly and goes over and above to assist. I would have no hesitation in recommending her services; and in the future, if necessary, I will definitely be calling on her expertise. ”– S - UK Parking Design
“ Hughes Paddison came highly recommended and they were not wrong. I am so glad I appointed Kim to represent me. It was a really difficult time and Kim swiftly and compassionately cut through to the crux of the issue and gave me such clear and great advice immediately. The outcome achieved was truly the best for myself and the organisation and avoided more stress for all parties involved, as it was solved very quickly. Most importantly for me, Kim handled the negotiations. The relief of handing this over to someone I completely trusted made a horrible situation much better. Many thanks to Kim and HP.”– Anon
We use essential cookies to make our site work. We'd also like to set analytics cookies that help us make improvements by measuring how you use the site. Clicking Reject All only enables essential cookies. For more detailed information about the cookies we use, see our Cookies page. For further control over which cookies are set, please click here
Our use of cookies.
You can learn more detailed information in our Privacy Policy
Some cookies are essential, whilst others help us improve your experience by providing insights into how the site is being used. The technology to maintain this privacy management relies on cookie identifiers. Removing or resetting your browser cookies will reset these preferences.
Essential Cookies
These cookies enable core website functionality, and can only be disabled by changing your browser preferences.
Google Analytics cookies help us to understand your experience of the website and do not store any personal data. Click here for a full list of Google Analytics cookies used on this site.
Third-Party cookies are set by our partners and help us to improve your experience of the website. Click here for a full list of third-party plugins used on this site.
Comments