Data Processing Agreement (DPA) — GDPR Article 28 Contract for AI Vendors

Key Takeaway: A Data Processing Agreement (DPA) is not optional paperwork — it is a legal prerequisite under GDPR Article 28 for any relationship in which one organization processes personal data on behalf of another. Every AI vendor that touches personal data must sign one before processing begins.

What Is a Data Processing Agreement?

A Data Processing Agreement is the contract mandated by GDPR Article 28 between a data controller (the organization that determines the purposes and means of processing personal data) and a data processor (the organization that processes that data on the controller's behalf). The DPA defines the scope, nature, purpose, and duration of processing; specifies the types of personal data and categories of data subjects involved; and sets out the binding obligations and rights of each party.

In the context of enterprise AI procurement, the DPA is the foundational legal instrument that governs how an AI vendor handles your organization's data. Without a valid DPA in place, the controller is exposed to regulatory enforcement action under GDPR — the absence of a compliant DPA is itself a violation, separate from any underlying data handling issues.

Why It Matters

Enterprises that deploy AI systems without a signed DPA carry direct regulatory exposure. Under GDPR Article 83(4), infringements of Article 28 obligations carry fines up to €10 million or 2% of global annual turnover, whichever is higher. Supervisory authorities in the EU and the UK — including the CNIL (France), the Garante (Italy), and the ICO (UK, which applies the UK GDPR post-Brexit) — have issued enforcement decisions specifically targeting missing or non-compliant processor agreements.

Beyond the regulatory exposure, the DPA is the contractual mechanism through which a controller exercises its oversight rights over a processor. Without one, the controller cannot enforce data minimization, audit rights, security obligations, or breach notification timelines against the vendor.

Core Requirements: What GDPR Article 28 Mandates

Every DPA must include the following elements to be Article 28-compliant:

Processing only on documented instructions. The processor must only process personal data as instructed by the controller. This is critical for AI vendors: the AI system must not use customer data for model training, fine-tuning, or improvement purposes without explicit authorization in the DPA or separate instruction.

Confidentiality obligations. Personnel authorized to process personal data must be subject to enforceable confidentiality obligations.

Technical and organizational security measures. The processor must implement appropriate security measures under GDPR Article 32, covering encryption, pseudonymization, access controls, and business continuity.

Sub-processor controls. The processor may not engage a sub-processor without the controller's prior written authorization. This obligation is particularly consequential for AI vendors — see sub-processor obligations for AI vendors for the full analysis of the Article 28(2) chain.

Data subject rights assistance. The processor must assist the controller in fulfilling data subject rights requests — access, rectification, erasure, portability — to the extent possible given the nature of the processing.

Deletion or return on contract end. On termination, the processor must either return or delete all personal data, unless EU or member state law requires retention.

Audit rights. The controller must be able to audit the processor's compliance with the DPA, either directly or through an authorized third-party auditor.

Data transfer mechanisms. If the processor transfers personal data outside the EEA, the DPA must include or reference an adequate transfer mechanism — Standard Contractual Clauses (SCCs), Binding Corporate Rules, or a transfer to a country covered by an adequacy decision.

AI-Specific DPA Provisions

Standard commercial DPA templates frequently omit provisions that are essential when the processor is an AI system or uses AI components:

Training data restriction. An explicit prohibition on using controller data to train, fine-tune, or improve the vendor's AI models — unless separately authorized. Many AI vendors' standard terms permit model improvement from customer data by default.

Model output residency. Clarifying whether AI-generated outputs (scored records, classifications, recommendations) constitute personal data processed on behalf of the controller — they typically do where they derive from personal data inputs.

Automated decision-making disclosure. Where the AI system makes or substantially contributes to decisions with significant effects on individuals, the DPA should specify whether GDPR Article 22 automated decision-making restrictions apply and how the processor enables human review.

Data residency. If data residency requirements apply (see data residency obligations for AI), the DPA must specify the geographic scope of permitted processing.

Edge Cases and Sibling Concepts

The DPA governs the controller-processor relationship. A distinct legal relationship — and a distinct contract — governs the controller-sub-processor relationship, which arises when the processor delegates processing to a third party (such as when an AI SaaS vendor uses OpenAI or Anthropic as its underlying model provider). That obligation is addressed under sub-processor designation for AI.

The DPA is also distinct from a Data Sharing Agreement, which covers a controller-to-controller data sharing arrangement (where both parties determine purposes independently), and from a Joint Controller Agreement under GDPR Article 26, which applies when two parties jointly determine processing purposes.

Knowlee and Data Processing Agreements

Knowlee operates as a data processor for all customer data processed through the platform. A GDPR-compliant Data Processing Agreement is provided as standard as part of the commercial agreement — not on request. The DPA covers all Article 28 mandatory elements, including an explicit prohibition on using customer data for model training without separate authorization, an approved sub-processor list with change notification obligations (see sub-processor designation for AI), and contractual audit rights exercisable by the customer or their nominated auditor.

Per-tenant Supabase database isolation ensures that no customer's personal data is accessible in another customer's processing environment — a technical control that reinforces the DPA's confidentiality and data segregation obligations. Knowlee's ISO 42001-aligned AI management system and SOC 2-compliant security controls provide the Article 32 technical and organizational measures that underpin the DPA's security commitments.

Related Terms