Our focus is you
A well-drafted SLA should impose consequences on service providers if service falls below agreed levels, for example, a service credit system where the provider pays you a set amount or delivers extra services at no additional cost each time the service provider fails to meet the agreed service levels. This encourages the provider to meet the SLA requirements. Be wary of accepting service credits as your sole remedy for failure to attain required service levels.
If the service level is below what has been agreed in the SLA, then it may be possible to terminate the arrangement if there is a suitable termination clause in the SLA. This should also allow for you to claim for damages, subject to any contractual limitations, for any loss you have suffered as a business resulting from the poor service levels, provided service credits have not been specified as the sole remedy for breach of the service levels under an SLA.
The potential for issues like this to arise highlights the importance of having a well-drafted SLA that covers all eventualities. Where there is no service credit system or carefully worded termination clause you could end up being stuck with a poor performing service provider for longer than you wish.
Our lawyers have offices in London and across the South East including Gatwick and Crawley, Hassocks, Horsham, Brighton and Guildford.
Please note that visits to our office is by appointment only. If you wish to contact one of our cyber security experts you can do via our online enquiry form
Stay connected, sign up for updates
Stay connectedMeet the cyber security and IT team
Recent work
Sectors
Legal advice relating to a ransomware attack
Advising client whose supplier was subject to a ransomware attack. We act for a client in relation to the provision of IT Services from a supplier, who was subject to a ransomware attack leading to repercussions for our client. We are advising our client on their rights and potential claim to damages.
Advising retail solutions provider on cyber and data protection issues
Advising client on structure of framework contracts, master services arrangements and IT solutions, including data protection structure and processing provisions. Advising on international data transfers agreements, use of SCCs/International Data Transfer Agreement and Transfer Risk Assessment for adhering to technical and organisational and other data security measures.
Legal support to airline technical solutions provider
Advising on provision of SaaS service and data processing arrangements, including cross-border data transfer arrangements for airlines in different jurisdictions, international data transfer contracts and risk assessments, data security considerations and linking to cyber security insurance. Advising and drafting a Data Breach Policy and Data Retention and Deletion Policy (internal and external versions), to support GDPR compliance obligations.
Advising IT platform development and infrastructure provider
Advising on data protection matters, regulatory compliance and drafting suite of data protection documents including general Privacy Policy, Cookies Policy, Data Handling Policy, Employee Data Protection Policy, Data Protection Impact Assessments, Legitimate Interests Assessments, Subject Access Request Process, intra-company Data Sharing Agreements (including international data transfer provisions) and Data Retention Policy.
Web shop terms and data processing
Advising a plumbing fixtures manufacturer on an agreement with an Instagram influencer and their web shop terms, as well as the provision of advice relating to data processing.
Commercial Business Law
Insights
Insights
If in doubt, stick to the core principle: make it clear when AI is being used in a way that could mislead people.
29/06/2026
Insights
DMH Stallard advises Carbon Responsible Limited on the sale to sustainability solutions provider Simply Sustainable.
25/06/2026
Resources
See details of how we approach dispute resolution work, alongside a selection of cases our litigation experts have undertaken for our clients across a range of disputes in FY2025-26.
22/06/2026
Insights
From 19 June 2026, all organisations must have a clear and accessible process for handling data protection complaints.
18/06/2026









