|
Legal Talk 21: What Clauses Should I Include in a Services Contract?
You call me. You're very excited. Your second deal is likely to come in. The Customer doesn't have a standard template because it is a medium sized business and so has asked you to send them the first draft. I can help you to prepare a template. “Great,” you say. “Can I have it now?” Slow down a second, I say. I think that key things to understand at this point is who are you dealing with and what are they looking for. You say that you are dealing with an IT manager and that they want to order about $30k worth of software and services initially. They are keen to do the deal. Okay, what you need is something really short and user friendly. Perhaps just a few pages. The only things that you really need to make sure are in there are clauses to say: 1. You get paid 2. You keep all IP 3. You spell out what is in scope and what is out of scope. 4. You are not responsible for losses above a cap (normally the value of the contract). I can put this in a letter from you to the IT manager which he can sign and return to you and you will have a contract. It really is something short and simple. Some lawyers might turn their noses up at this approach and insist upon you presenting a 20 pager to the IT manager. But the problem with this, in my experience, is that the IT manager might get spooked and send it to his legal department or external law firm. If this happens then it could end up taking a long time for any kind of response and there is a good chance that his legal people will insist on a long contract which is quite onerous on you. You might have little option but to accept, otherwise the whole deal could be put on hold. So, let's prepare a letter just spelling out the key terms and then ask the IT manager to amend it as he thinks fit and then sign it. “Good”, you say. “I just need to keep getting these deals in and then signing them off.” You want to move forward fast! Okay, this is a good approach at this stage, I think. Of course, when you get bigger and the deals become more complex then longer contracts might be needed but for now let's go with the letter and see what happens. I say that I will get the letter over to you later in the day and hopefully the IT manager will sign today or tomorrow. You're excited about how things are moving forward and I am too. I get on with the letter and send it to you within the hour. In the meantime, check out this PDF for some further information: file:///C:/Users/Lawyer/Downloads/10_Must_Have_Contract_Clauses%20(1).pdf. Look forward to hearing about how things go. Best wishes, Jimmy Desai Your Legal Coach P.S. Don't forget to subscribe and get even more exclusive content and legal insight. As always, this legal talk and all the legal talks are subject to our disclaimer, which you can find here. © 2019. Coaching Law Limited. All rights reserved.
0 Comments
Legal Talk 20: How to Analyse Contracts
You have secured your first contract. Congratulations! But you would like me to look over it before you sign up. It is a services contract where you are providing software and services to a large corporate. The large corporate has provided you with a contract and you just need to get a legal view on it. Okay, I say. Understand that you are wary of signing it because you don't want to sign your life away. But remember, that this is a big corporate and you have very little bargaining strength so it's important to focus on the key elements of the contract. “But what are the key elements?” You say. Okay, the key elements (in my humble opinion) are: 1. Money: Ensure that all the figures are right and that the payment terms mean that you get paid when you think you are going to get paid. 2. IP: Make sure that all your IP stays with you so you are not transferring all of your IP (i.e. a large part of your business) to the big corporate. 3. No Indemnities: Basically, this is a blank cheque for the corporate so if things go wrong then it gets reimbursement for all of the money that it loses (and some of this money that it loses can be quite far-fetched when it makes a claim). 4. Limit on Liability: If you are signing a contract for US$100k then ideally you want to cap your liability on the contract to US$100K. Alternatively, you can get insurance relatively cheaply which will give you a few million in cover. So, you might be pragmatic here and not even argue this point since if you are covered up to a large amount (and there is no way that any claim is really going to get to that amount anyway). You might just try to cap liability at whatever you can manage to negotiate. “But”, you say, “the contract runs on for 30 pages. Should you go through every clause?” Yes, you could. There will probably be quite a few nasties in there and it is good to be aware of them. But when dealing with a big corporate (particularly on your first deal) my experience is to just stick to a few changes. “But surely I should negotiate it all?” You say. Yes, you could do, but the big corporate may lose interest and ongoing negotiations may bring up other issues which simply prolong things and delays the deal (or break the deal altogether!). Let me give you an example in another context. Say you were going for a job at Apple as one of their marketing people. They offer you a contract. You start to pick up every point in the employment contract that might not be in your favour and try to get them to change lots of the contract just for you - what do you think your chances of getting all of your changes agreed are? Also, if you nit-pick too much, they might well take the deal off the table entirely. So, when dealing with the big corporate, I would suggest just taking into account points 1 to 4 above (and perhaps one or two more if the points they have made are really draconian) but not much more than that. But in terms of negotiation strategy, I would suggest doing some research, perhaps starting here: https://www.entrepreneur.com/article/248732. Does that make sense? “Yes”, you say. “Got it.” “But”, you say, “one question: what if my lawyer spots a lot of problems with the contract? Surely, I should bring all of these to the attention of the big corporate client?” Well, the thing is that your lawyer needs to ensure that he has covered his back so you don't come back later on to say that he didn't tell you about something. But the thing is, your lawyer's wish to cover his back is a completely different point to you trying to get a deal done now. Sometimes you just have to be aware of the risks your lawyer points out, but live with the fact that you can't make all the changes to the contract you would like. Sometimes you might be able to deal with some of these issues practically and so in reality they are unlikely to ever happen anyway. However, the upside of this approach is that you get the deal done and get cash in bank. Yes, issues might arise later on but this might be a better position than not actually having the deal in the first place. It's up to you whether or not you do the deal - it's not up to your lawyer. “Got it,” you say. “This makes sense.” I am about to go into more detail but the line goes dead. I get the feeling that you are keen to get your first big deal secured! Look forward to hearing how things go. Always thinking about how I can help you grow your company. Best wishes, Jimmy Desai Your Legal Coach P.S. Don't forget to subscribe and get even more exclusive content and legal insight. As always, this legal talk and all the legal talks are subject to our disclaimer, which you can find here. © 2019. Coaching Law Limited. All rights reserved. Legal Talk 19: A Brief on Data Regulations
You keep seeing flyers and advertisements for seminars that are about the new data regulations. “I’m interested in this kind of stuff, but I don’t have the time to really devote to understand all the legals.” You say. Don’t worry, I can provide some insight here. In short, these new data protection regulations have been brought in by European legislation. Key updates to existing law include, but are not limited to:
“What do I need to do in practice?” You ask. Well, if you make sure that you do some kind of risk assessment on how you process data, have an updated privacy policy and ensure that all your sub-contractor contracts are updated to take into account the new regulations, then you are a long way to getting data compliant. For more information, ICO is definitely a good resource: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/. You say that investors are now interested in sending you term sheets. You will need to talk with me about them. But for now, you have to go, but not before thanking me for the information. Look forward to hearing how things go on the fund raising. Best wishes, Jimmy Desai Your Legal Coach P.S. Don't forget to subscribe and get even more exclusive content and legal insight. As always, this legal talk and all the legal talks are subject to our disclaimer, which you can find here. © 2019. Coaching Law Limited. All rights reserved. Legal Talk 18: What Clauses Do I Need in My Data Contracts?
You pop over to my offices in the City. It is the first time that we have met here but things are now moving fast and getting very serious. The key question for today is if you pass your data to subcontractors for processing, then you need tough contracts with these subcontractors regarding how they handle and use your data. These subcontractors might be marketing agencies, web developers, partners, affiliates or anyone that you pass your data to and who uses it on your behalf. "So, what key clauses do I need in the contracts with these subcontractors?" You ask. Well, you obviously need a written contract, but on the data side the key clauses that you should have in order to ensure compliance with data protection laws should cover the following areas:
"So, these are the key data clauses that I should have in my contract with people that are processing my data for me?" You ask. Yes, that's it. Of course, you can expand on each clause and there are lots of templates out there on the internet that provide more legal wording, but the principles above should be captured in any contract that you have with someone that is processing your data. “Can you provide me with this kind of template?” You ask. Yes, I can. Although, as I say there are plenty of these templates on the internet. Again, if you send me any template that you can find, then I can update and customise it so it suits your needs. It has taken about 30 minutes to get to this stage and you say this is enough information for now at least. If you want to get some weekend reading on this done however, I would start here: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/contracts/. It is almost lunch time and you say you have a business meeting with some Angels who are interested in investing. This is really exciting, please update me after the meeting. I hope it all goes well. Best wishes, Jimmy Desai Your Legal Coach P.S. Don't forget to subscribe and get even more exclusive content and legal insight. As always, this legal talk and all the legal talks are subject to our disclaimer, which you can find here. © 2019. Coaching Law Limited. All rights reserved. Legal Talk 17: FREE Data Security Policies
You text me with a quick follow up. You have found a website that does free data policies: http://www.itdonut.co.uk/blog/2014/05/free-it-policy-templates-now-available. Yes, I say. This is the kind of thing I was talking about. You ask if I can have a look at these and customise these templates for you. Yes, I say. It's far easier for me to customise something that you send to me, rather than me starting from a blank page. However, before you send these policies to me, do go through these policies and see if you think you would like to add anything or if you think some areas are not relevant to you. At least that way the first version of the policy that you send to me has been pre-vetted by you. You text me and say that this approach makes sense and you say you will send over the updated versions today. Look forward to hearing from you. Best wishes, Jimmy Desai Your Legal Coach P.S. Don't forget to subscribe and get even more exclusive content and legal insight. As always, this legal talk and all the legal talks are subject to our disclaimer, which you can find here. © 2019. Coaching Law Limited. All rights reserved. Legal Talk 16: How Do I Become Legally Compliant with Data Security?
We are meeting quickly before work. Data breaches and hacking are beginning to worry you. I can understand why. Data breaches and data hacking have been in the news quite a lot lately, I read this link this morning, shocking! https://www.techworld.com/security/uks-most-infamous-data-breaches-3604586/ You've started to gather email addresses and customer information and you just want to understand what you have to do legally to keep this data safe. You want the highlights because you just want to show investors that you have done what the law requires you to do to protect data. Okay. So here are the basics from the legal stand point: 1. Under data protection law, Principle 7 talks about data security. It is fairly vague in that it says that you need to take "Appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data". So, you say, what constitutes "appropriate technical and organisation measures"? Well, the Regulator says it depends on the details of each case. So unfortunately, there is no clear benchmark; it's very subjective. 2. "What do I do?" You say. Okay, well there are 7 actions you can do to try to meet this standard of taking "appropriate technical and organisational measures". This will give some comfort to investors & partners etc. and could also avoid or mitigate any regulatory action from the Regulator if there is ever a data breach. 1. Written Policies: have a security policy in place (and review it regularly). You can find security policies which you can adapt from the internet and get your lawyer (me at the moment) to cast an eye over it. You can have a major breach plan and this would include elements such as: (a) containment + recovery: this will detail how you go about trying to fix things. (b) assessing the risks: figuring out how people might be affected by any data breach. (c) notification of breaches: figuring out if and when you need to notify the Regulator of any breach. (d) evaluation and response: figuring out what caused the breach and trying to update policies and actions accordingly. 2. Accountability: nominate one of your co-founders to be in charge of and accountable for, data security. 3. Training: train your staff so they are fully aware of how personal data can be lost or hacked into (and the consequences of this, which are not only reputational damage to your business, but also penalties from the Regulator). 4. Access to Premises: ensure that your premises are secure and don't allow access to premises or equipment to anyone outside the organisation unless there are additional security measures in place to ensure they do not damage or lose data. 5. Access to Equipment & Data: have data encrypted and password protected on laptops and PCs so it is not easy to access for anyone who is not authorised. Also, if people are working from home, or if you are using the Cloud for storage then take some time to figure out ways to make things more secure to avoid data losses. 6. Third Parties: If you have sub-contractors or other people managing your data (e.g. data warehouses) then you need strong contracts in place to ensure that they will keep your data safe and that they have proper measures in place, should a data breach ever happen. 7. Business Continuity: have business continuity arrangements that identify how to protect and recover any personal data. "Seems like a lot of stuff to do" you say. Yes, but I think that you can actually capture a lot of this in having the right paperwork in place and just taking sensible measures to keep data safe and secure. "Okay, so I'll just put this in place and everything should be okay?" You say. Well, it's a good platform, but do remember that because principle 7 of the regulations is so vague you can never have a definitive list of things to do. However, if you follow the actions just listed then it will get you a long way to ensuring you are legally compliant on data security. "Got it" you say. You are pleased that you have at least got something to work on re: data security. I'm very much enjoying helping on your tech start up journey. You say you will call me with any follow up questions and with that you wave goodbye. Best wishes, Jimmy Desai Your Legal Coach P.S. Don't forget to subscribe and get even more exclusive content and legal insight. As always, this legal talk and all the legal talks are subject to our disclaimer, which you can find here. © 2019. Coaching Law Limited. All rights reserved. Legal Talk 15: Do I Need a Privacy Policy?
You were thinking of buying a privacy policy template off the internet and wanted to ask me my thoughts. It's a quick phone call and so I just have a few tips: 1. What's a privacy policy? It's basically a policy where you inform your customer in more detail about how you will be dealing with their personal data. It is often fairly generic. Incorporated into a privacy policy is often a cookie policy just explaining what cookies are (bits of code) and how you will be using them (i.e. to help customers pre-fill forms etc.). 2. Tip: Rather than go through the whole of a privacy policy for you in tedious legal detail, you might just look at the privacy policies that your competitors are using for products which are the same or very similar to yours. These privacy policies will differ slightly depending upon what each competitor is doing with people's data but they will give you a good idea of what you should have in your privacy policy. 3. Any blunders to avoid? There are quite a lot of points where you need to future proof your privacy policy. So, if things are likely to happen in the future (so that you might need to use people's data in different ways in the future and you can foresee this happening) then cater for this in your privacy policy now. For example, don't say you will NEVER disclose people's personal data to third parties because what if someone wants to buy your company? In that case you will have to disclose your database of personal data to them so they can see how many customers you have and do some kind of analysis on the value of this customer database. If you have already promised customers that you will not do this then this could hinder the sale of your company in the future! Oh, you say. Yes, you will remember that and try to think about ways in which you might use people's data in the future and then try to cater for this in your privacy policy (particularly because you don't want to have to go back to people later on and ask for their consent for particular uses that should have been covered in the first place!). Okay, you say, you're going to print out some privacy policies off the internet and try to figure out what kinds of things you might need for your privacy policy. "Good start" I say. Privacy policies are very important, I would suggest doing some extra reading, maybe start here: https://www.privacypolicies.com/blog/privacy-policies-legally-required/. At that moment, your phone rings. It's news about new investors. You have to go. I pay the bill. My treat. I see you walk quickly to the nearest tube station (Hyde Park Corner) and disappear into the underground. I will keep thinking about ways that I can help you to grow your start up faster. Until next time, Jimmy Desai Your Legal Coach P.S. Don't forget to subscribe and get even more exclusive content and legal insight. As always, this legal talk and all the legal talks are subject to our disclaimer, which you can find here. © 2019. Coaching Law Limited. All rights reserved. |
Archives
August 2019
Categories |
RSS Feed