A chance to hear the latest on employment, property, corporate and restructuring and insolvency and to ask questions and share your opinions.
DATE: Thursday 7 May 2020, 10:00am - 11:00am- delivered via Zoom Video Conference
Search site
Contact our office
Make an enquiry
The extent of each party’s liability is a key part of a commercial contract and is likely to be subject to extensive negotiation. An indemnity is a promise usually made in a contract to pay money out on the occurrence of a specified event. It aims to protect Part A from suffering a financial loss arising out of the conduct of Party B, over which Party A has no control. Indemnities are important because it is much easier for an indemnified party to establish and recover their loss under an indemnity than through a normal breach of contract claim.
A service agreement which involves the processing of personal data (which includes the personal data of a contracting party’s customers) must include provisions relating to data protection. It is common for the contracting party to insist on an indemnity from the supplier for losses resulting from a breach of data protection provisions, including any fines imposed on them.
In July 2019 the Information Commissioner’s Office (ICO) published its intention to fine British Airways £183.39 million for breaches of the General Data Protection Regulations 2018 (“GDPR”). In October 2020 this fine was ultimately reduced to £20m. This stemmed from a cyber incident where user traffic to the British Airways site was diverted to a fraudulent site. As a result, approximately 500,000 customer details were obtained by attackers. At present, the highest maximum fine that the ICO can impose is 20 million Euros (or equivalent in sterling) or 4% of the total annual worldwide turnover in a company’s preceding financial year, whichever is higher.
In our digital world, cyber security threats are a reality for all businesses with an online presence. The British Airways case did not involve a breach of GDPR arising from the fault of a third party supplier. However, the seriousness of the GDPR breach and steep fine highlights how critical it is for a business to have recourse against a supplier who fails to safeguard their personal data, or any part of the business in which they have a responsibility under the service agreement. It is equally as important for a supplier to know what they are signing up to do and the extent of their liability under any indemnities.
Under the GDPR, a contract relating to the processing of personal data must include certain clauses and would normally include the following requirements for the supplier:
Typically the customer (as the data controller) may seek an uncapped indemnity from the supplier in full against all liabilities, costs, expenses, damages and losses (including any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other reasonable professional costs and expenses) suffered or incurred by the customer arising out of or in connection with any claim brought against them in relation to breaches of data protection clauses within the service agreement.
An uncapped indemnity leaves a supplier open to an unlimited claim from the customer. If British Airways was able to establish that the data breach resulted from a failure of its supplier then that supplier may have been liable for £20 million which would have been unlikely to be covered by its insurance. This is why it is important for any prospective supplier to negotiate a cap on their liability.
A supplier should consider limiting its liability in the following ways:
Whatever the commercial agreement, you should always review the terms carefully and pay particular attention to indemnities and limitations on liability. If you would like us to help your business please contact our Corporate and Commercial Team on 01242 574244 or e-mail Head of Department, Jon Rathbone.
A chance to hear the latest on employment, property, corporate and restructuring and insolvency and to ask questions and share your opinions.
DATE: Thursday 7 May 2020, 10:00am - 11:00am- delivered via Zoom Video Conference
Cheltenham based solicitors, Hughes Paddison, have announced two promotions within their Senior Management Team. Jon Rathbone has been made an Equity Director within the firm, whilst Julie Bennett has been made a Director.
What our clients say
“Hughes Paddison have provided assistance on numerous occasions consistently acting in an exemplary fashion whilst dealing with all aspects of the issue at hand. It is extremely reassuring to know that our company is represented by such a competent and professional firm.”– Commercial Director, Ferroli Limited
“We are lucky to have the services of Paul Engelbrecht on hand. He has always met our requests and ridiculous deadlines and puts himself out to make life easier for us”– Company Secretary - Supergroup PLC
“Paul has repeatedly demonstrated a high level of legal skill, accuracy, attentiveness and most of all, commercial acumen. I particularly appreciate his eye for detail and ability to take complex legal issues and explain them in lay terms. ”– Relationship Director RBS
“Whilst constantly demonstrating his consummate professionalism and occasional wry sense of humour David has at all times supported me and acted in my best interests resulting in a successful financial settlement and my divorce.”– V
“Jennifer provided sound professional legal advice which I needed to help me to sort out the legal and financial aspects of a difficult personal situation. I wouldn't hesitate to go to her with any family legal matters I have in future.”– R
“Having the support of Marcus throughout what has been a very painful divorce has really helped me get through the last 18 months. Although this has personally been a very difficult process, I know that Marcus has done everything possible to make it as smooth as it can be. I really appreciate the honest, open feedback to all of my questions and also how quickly he responded to them. Above all else, Marcus really does seem to care about his clients and their families. I never had the feeling that this was just a job for Marcus, and Im so grateful that I was fortunate enough to have had Marcus recommended to me when I did.”– R
Clicking the Accept All button means you are accepting analytics and third-party cookies (check the full list). We use cookies to optimise site functionality and give you the best possible experience. To control which cookies are set, click Settings.
Our use of cookies.
You can learn more detailed information in our Privacy Policy
Some cookies are essential, whilst others help us improve your experience by providing insights into how the site is being used. The technology to maintain this privacy management relies on cookie identifiers. Removing or resetting your browser cookies will reset these preferences.
Essential Cookies
These cookies enable core website functionality, and can only be disabled by changing your browser preferences.
Google Analytics cookies help us to understand your experience of the website and do not store any personal data. Click here for a full list of Google Analytics cookies used on this site.
Third-Party cookies are set by our partners and help us to improve your experience of the website. Click here for a full list of third-party plugins used on this site.
Comments