Should a VA sign a clients contract?
- 0 comments
- by Amanda Johnson
As a leading expert in the field of business contracts and data protection, Annabel Kaye of KoffeeKlatch shares her wealth of knowledge on a crucial topic for virtual assistants: navigating the complex world of client agreements and Data Processing Agreements (DPAs). In this guest blog she will share with you about whose contract you should or should not sign.
As an independent business owner, it is your job to provide a contract (your ts and cs) and set out the basis on which you do business.
However, when it comes to clients giving you access to personal data they have collected about their prospects, customers, team or suppliers it is their job as a data controller to give you written instructions in the form of a Data Processing Agreement (DPA) telling you (the data processor) what you may do with information they share with you, why, and how to secure it and use it.
Functionally if you follow what the data controller tells you to do in their DPA then you are not likely to be in the wrong if something goes wrong with the data and it is lost, corrupted, or hacked. This is one part of the agreement between you and your client that must be in writing.
This is also the part that the client is the least likely to provide to you. For this reason, KoffeeKlatch contracts have always included the necessary forms and documents for you and your client to create one.
This is different from the data privacy policy that each data controller (you and your client) must give to your own data subjects where you are collecting and using data for your business.
Very occasionally you will come across a client who has their own DPA. The numbers are small. It is less than 4% of clients as far as we can tell from our KoffeeKlatch customers. Those that do are often law firms, accountancy firms or involved in health care. Many small business owners are still blissfully unaware of this requirement.
And whilst most clients are happy to work based on your ts and cs, you will come across clients who want to you sign there ‘hiring’ agreements.
Never sign two sets of agreements/DPAs
Koffeeklatch customers often come into our group for support and suggest that they will simply get their client to sign their ts and cs and they will also sign the client’s agreements. Or they will both sign separate DPAs.
This is not a good decision. If the two sets of documents have the same effect, then it is a pointless exercise. And if they have a different effect there is no way of telling which set of agreements govern who should be doing what. Only lawyers make money out of that sort of muddle, and you should not get yourself into that situation.
What should you do?
The first thing you should be clear about is whether your client is asking you to sign their contract or their DPA or both.
Data Processing Agreements (DPA)
If they are providing you with a DPA that is a perfectly normal thing for them to do and it is part of them being a responsible data controller. BUT you need to be sure you understand it before you sign it.
We have seen DPAs that put unlimited liability on a VA for any data breaches or losses. If you are carrying cyber security or professional indemnity insurance and check with your insurers you will quickly find out that you cannot insure for an unlimited loss. All insurance has a maximum value whether it is £5 or £50m or more. This type of wording comes from people who have asked their lawyers to do something (and they have picked up a template) or found an online template and used it without thinking.
The effect of this if you are a sole trader (not with your own limited company) is that you could lose everything you own if something goes wrong.
We regularly help KoffeeKlatch customers push back on these clauses and negotiate something more suitable in line with the real risk to the business, but it is hard to do that once you have signed.
The DPAs are often quick to push liability on you but offer nothing for you if your client is in breach and causes you problems! Read carefully before you sign or get someone who really knows what they are doing to read it for you and tell you in ordinary English what it means.
The DPA should really match how you are both intending to work – not be a free-standing set of rules you are not going to follow as that will leave you wide open if something goes wrong. That is true whether you are signing their DPA or using the KoffeeKlatch data processing form to create one with your client.
Their contracts/agreement
While it is better for you to do business on your terms, there are times when a client has a large team, and they can’t cope with each outsourced VA being on a different agreement. They will want to use their own ‘hiring’ agreement. This is common with agencies and lead VAs, it is less common with end clients, though again those in highly regulated professions sometimes have their own hiring agreements to.
Understand
When we have read them (and they can be full of jargon and lawyer speak which makes them hard to understand) they sometimes actually have the same effect as your own contracts do.
Negotiate
Where the differences are small it is worthwhile, depending on the value of the work you are pitching for, getting advice on negotiating the difference and putting minor amendments/changes into your own terms. Often there is a solution where everyone is happy. For a checklist of major terms to watch out for read https://www.koffeeklatch.co.uk/top-tips-on-understanding-the-contracts-your-client-want-you-to-sign/
Simply saying “I will take advice and get back to you” lets your client know you have someone behind you who will look out for you, and this can help nervous lawyers on their side to settle down. All too often they try to apply all sorts of ‘big company’ rules as if they are doing a £5m contract with you and the terms are just disproportionate.
Measure the gap.
It is important to know what their contracts/documents say and then to understand how they differ from yours. Some turn you into an employee and yet give you massive liabilities. It is not because someone is trying to do something awful to you – it is because they often neither know nor care what effect these contracts will have on your tax and employment status, liabilities, or insurance!
Another interesting difference is copyright. Some corporate style hiring contracts try to obtain copyright not only on work you are doing for that client (whether they ever pay you) but also on any work you are doing. The drafting is atrocious. If you are a creative VA, you are in effect selling your entire IP for a few hours work! And of course, the growing use of AI generation and analysis makes those contracts even more inappropriate than they were in the first place. We’ll be talking more about AI later.
Many VAs simply refuses to trade on any contracts but their own. It is a legitimate decision. If you go into an online store and want to purchase, you don’t send your own purchase terms and insist they change the deal for you! Others will amend their contracts, but only so far. In the end you are the boss, and the decision is yours. The important thing is you don’t feel bullied into signing something that is bad for you that you don’t really understand.
Sometimes a client won’t budge but their contract is so bad for you that it is better to find another client. We often see this in the customer support group where we help VAs with these issues. It’s your business, it’s your choice. Make it wisely.
Annabel Kaye has been helping VAs with contracts and GDPR support for over 16 years. There have been a lot of changes in that time. Two years ago, year Jo Brianti joined the KoffeeKlatch team as a Director . Together the two of them provide a clear technical support system designed to help VAs create a profitable business that does not ignore the realities and legalities of the way you work today.
Annabel Kaye