Glossary
DPA (Data Processing Agreement)
A DPA is the contract between your business and a provider that processes personal data for you, as required by the GDPR. AI vendors offer one on business and enterprise plans; signing it is what lets you use their tools on customer data properly.
When your business hands customer data to another company, like a cloud service, a mailing platform, or an AI chatbot, the GDPR requires a written contract defining what that company may do with it. That contract is the Data Processing Agreement, or DPA. It pins down the essentials: the provider only processes data on your instructions, keeps it secure, tells you about breaches, and deletes it when the contract ends.
The everyday version: a plumber’s small firm wants its AI assistant to draft replies that include customer names and addresses. On a consumer account there’s typically no DPA, so the firm has weak answers if a customer or an authority asks how that data is protected. On business tiers, vendors like OpenAI, Anthropic and Google offer a DPA you can accept, often with a click during setup.
So the rule of thumb is simple and calm: real customer data plus AI usually points toward a business plan with a DPA. The plan picker helps you see which tier fits, and check vendors’ trust or legal pages for their current DPA terms.
Where you’ll meet this
- AI vendors’ trust/legal pages: OpenAI, Anthropic and Google all publish their DPAs
- Admin or billing settings of business and enterprise plans, where you accept the DPA
- Your own vendor checklist, if your business already works GDPR-style
Related terms
Put it to work
- Free Skuto Plan Picker Find out in one minute whether a paid AI plan is worth it for you — real euro prices, VAT included, re-verified every week.
- Free Skuto Paste Checker Check before you paste: pick what you're about to share and which AI you use, and see in seconds if it's safe — with the vendor's actual terms and a safer alternative.