Skip to content
Compliance & Legal
Data Processing Agreement (DPA)

GDPR DPA — Data Processor Agreement

The mandatory agreement for anyone processing data on behalf of another company.

Start free Features
GDPR compliant · EU-hosted

85 % of companies lack a DPA with at least one of their vendors

A fine for a missing DPA can reach €10 million or 2 % of annual turnover

Regulators open 40 % of proceedings precisely because of missing or incorrect DPAs

A DPA under Art. 28 GDPR — defines purpose, scope, security measures and the processor's liability. AI tailors it to the specific vendor (cloud, marketing, payroll).

Legal context

A DPA is mandatory under Art. 28 GDPR (Regulation 2016/679/EU) for any relationship where a processor handles personal data on behalf of a controller. Without a DPA, the fine can reach €10 million or 2 % of annual turnover.

GDPR Regulation 2016/679/EU Art. 28 — data processing agreement; fine up to €10 million or 2 % of turnover

Legal basis & glossary

When to use a Data Processing Agreement (DPA)

  • When contracting with a cloud provider (AWS, Google, Microsoft)
  • Before sharing customer data with a marketing agency
  • When outsourcing payroll or accounting
  • When your IT vendor has access to customer personal data

What you get

  • Art. 28 GDPR compliance
  • Security measures
  • Sub-processors
  • Audit and liability
How it works

From idea to signature

Art. 28 GDPR compliance

Security measures

Sub-processors

FAQ

Frequently asked questions about Data Processing Agreement (DPA)

Whenever an external company processes personal data of your customers or employees on your behalf. Typically: cloud providers, marketing platforms, payroll software or IT admins.

Glossary

Key terms in e-signature and contract law — with links to definitions.

GDPR GDPR (General Data Protection Regulation) is an EU regulation on the protection of natural persons with regard to the processing of personal data, applicable from 25 May 2018. DPA A DPA is a contract between a data controller and data processor required by Article 28 of the GDPR as a condition for lawful processing. Data Processor A data processor is a natural or legal person that processes personal data on behalf of and under the instructions of a data controller. Data Controller A data controller is a natural or legal person that determines the purposes and means of processing personal data. Audit Trail An audit trail is a chronological record of all events related to a document — who opened, signed or declined it — including timestamps and IP addresses. eIDAS eIDAS is a regulation of the European Parliament and Council creating a unified legal framework for electronic identification and trust services across the EU. Full glossary
Who uses this

Typical roles

Click a role to see how zipzipdoc helps that group.

Developers & software firms
IP clauses, acceptance procedures, SLA — all tailored to the project via AI.
View profile
E-commerce stores
Prepare your T&Cs, complaint policy and supplier agreements with AI.
View profile
Marketing agencies
Generate Master Service Agreements, Statements of Work or NDAs in English or Slovak. No need for a lawyer on every new project.
View profile
Small teams & startups
Onboard employees or contractors paperlessly. Ready-made templates + AI personalization.
View profile

Role-specific guides

Data Processing Agreement (DPA) for E-commerce stores Data Processing Agreement (DPA) for Healthcare facilities Data Processing Agreement (DPA) for SaaS founders
Similar documents

Related agreements

Documents commonly used alongside a Data Processing Agreement (DPA).

GDPR consent
For marketing, recruiting, loyalty — always compliant.
View
Terms of Service
For SaaS, e-shop, marketplace — terms that scale with you.
View
NDA — non-disclosure agreement
Send an NDA to partners, clients or employees. Sign on mobile, audit trail in the cloud.
View
Employment contract
Paperless employee onboarding. AI personalizes by role.
View
More guides

Other document types

NDA — non-disclosure agreement
Service agreement
Employment contract
Freelancer (contractor) agreement
Contractor agreement (B2B)
Rental agreement
Invoice
Quotation / proposal
License agreement
Consulting agreement
Master Service Agreement
Statement of Work (SOW)
Power of attorney
GDPR consent
Property reservation
Terms of Service
Partnership / shareholders' agreement
Share transfer agreement
Letter of Intent (LOI)
Non-compete agreement
Settlement agreement
Internship agreement
Vendor agreement
SLA — Service Level Agreement
Agency agreement
Distribution agreement
Subscription agreement
Maintenance agreement
Influencer agreement
Photo / video release form
Event contract
Coaching agreement
Investment agreement
Term sheet
Subcontractor agreement
Donation agreement
Franchise agreement
Purchase agreement
Mandate agreement
Board / shareholders' resolution
Further reading

Related articles

accountant

GDPR and DPA for accountants: a step-by-step guide to a compliant practice

Accountants process clients' personal data every day. Learn how to set up GDPR documentation, a Data Processing Agreement (DPA) and confidentiality agreements — digitally.

Read article
nda

NDA complete guide: types, enforceability and what to include in every non-disclosure agreement

Mutual vs one-way NDAs, time limits, what information qualifies as confidential, and the clauses that make a non-disclosure agreement actually enforceable in court.

Read article
dpa

DPA and terms of service: the two data-law documents every digital business needs

A data processing agreement protects your GDPR obligations with processors. Terms of service govern how users use your product. Here is what each must say.

Read article
Compare tools

How does zipzipdoc compare to alternatives?

See a detailed side-by-side comparison with popular e-signature tools.

zipzipdoc vs DocuSign zipzipdoc vs Adobe Sign zipzipdoc vs Dropbox Sign

Ready?

14 days free, no card.

Start free Pricing

No credit card · 14 days free · Cancel anytime