A vendor security review lands on Lukas Costa's desk on a Tuesday afternoon. A team lead wants to roll out an AI writing assistant across support. The business case is solid. The deployment plan is clear. One line is missing: there is no data processing agreement, because the team has been trialling it on free personal accounts. Lukas, the DPO, sends one question back. Who signs the DPA, and on which tier?
The answer decides whether the rollout can go ahead. If the AI vendor processes personal data on your behalf, you almost certainly need a DPA, and a free account does not give you one. Here is when it is mandatory, what has to be in it, and which vendors offer one.
Controller or processor?
The GDPR splits responsibility into two roles. The controller determines the purposes and means of the processing: why the data is processed and how. That is your organisation. The processor handles personal data on behalf of the controller and may only act on documented instructions.
When a support agent drops a customer email into an AI tool to draft a reply, your organisation sets the purpose. The AI vendor processes the data to carry it out. In that situation the vendor is a processor, and that is exactly the point where the GDPR requires a contract.
When is a DPA mandatory?
The rule is short. If you have personal data processed by an external party, a data processing agreement is mandatory under Article 28 GDPR. There is no threshold and no carve-out for "but it is only a chatbot".
Two questions settle it. Does personal data go into the prompt? For business use, almost always: a name, an email address, an account number, a case reference. And does the vendor process that data on your behalf? For an AI tool that processes your input to return an answer, yes. Those two answers together establish the obligation.
This is where account tiers matter for the decision. A free or personal AI account runs under consumer terms. There is no DPA attached, and the input can be used to improve the model. For business use with personal data, a managed business account with a DPA is the starting point. More on that split in free versus business AI accounts.
What Article 28 requires
Article 28(3) GDPR sets out the content. A data processing agreement must specify:
- Subject matter and duration of the processing, its nature and purpose, the types of personal data, and the categories of data subjects.
- Processing only on instruction. The processor handles the data solely on your documented instructions, unless a law requires otherwise.
- Confidentiality. Everyone with access to the data is bound to confidentiality.
- Security. Appropriate technical and organisational measures (Article 32 GDPR).
- Sub-processors. The processor engages no other processor without your authorisation, and imposes the same obligations on any sub-processor.
- Help with data subject rights. The processor assists you in handling access, rectification, and erasure requests.
- Help with security and breaches. The processor supports you on security, data breaches, and, where needed, a DPIA.
- Return or deletion. At the end of the engagement the processor returns or deletes the data, at your choice.
- Audit. The processor makes all information available to demonstrate compliance and allows audits.
If any of these is missing, the agreement does not meet Article 28. A signed PDF is not the same as a compliant one, so the review checks for each of these clauses, not just for a signature.
Which AI vendors offer a DPA?
The major vendors all offer a data processing agreement, but consistently only on the business tiers. The free consumer account is out of scope.
| Vendor | DPA available on | Not on |
|---|---|---|
| OpenAI (ChatGPT) | API, ChatGPT Business, ChatGPT Enterprise | Personal (free) ChatGPT account |
| Anthropic (Claude) | API, Team, Enterprise (built into the commercial terms) | Free and Pro |
| Google (Gemini) | Workspace and Cloud, via the Cloud Data Processing Addendum | Personal Google account |
| Microsoft (Copilot) | Microsoft 365 / Copilot business, via the Products and Services DPA and Product Terms | Consumer account |
Sources, accessed June 2026: OpenAI (data processing addendum for the API and business services; a personal account cannot execute the addendum), Anthropic (the DPA is incorporated into the commercial terms for API, Team, and Enterprise; Free and Pro have none), Google (Cloud Data Processing Addendum for Workspace and Cloud, including SCCs), Microsoft (Microsoft 365 Copilot for organisations is covered by the Products and Services Data Protection Addendum and the Product Terms, with Microsoft acting as processor).
The practical takeaway for the review: pick the tier that comes with a DPA, and confirm the agreement actually covers the specific product in use.
Sub-processors and transfers outside the EU
An AI vendor rarely works alone. For hosting, storage, or compute it engages sub-processors. The DPA records that those sub-processors are bound by the same rules and that you are informed of changes.
Many of those parties sit outside the EU, often in the US. Sending personal data there is only allowed with a valid transfer basis: an adequacy decision or standard contractual clauses (SCCs). The DPA handles this on paper, but knowing where the data lands stays your job. More on this in data sovereignty and AI prompts.
What a DPA does not cover
A DPA settles the arrangement: what the vendor may and may not do with the data, how it secures it, what happens at the end. That is necessary, and it is enough to get the contract in order.
What it does not do is decide what an employee types into the prompt. If a customer account number sits in the text field, it leaves the organisation, signed agreement or not. The DPA covers the legal relationship. It does not hold back the wrong data at the source. Data minimisation (Article 5 GDPR) remains a separate obligation, and it is met in the prompt itself. See also which GDPR measures AI use requires and the AI Act alongside the GDPR.
Where BeeSensible sits
BeeSensible is itself a processor. The customer is the controller, and a processing agreement is signed with every customer. A product DPIA is available on request. Detection runs on ISO 27001 certified EU infrastructure.
That handles the contract. The part a contract leaves open, the data that ends up in the prompt, is where the extension works. BeeSensible highlights sensitive data while you type in browser-based AI tools. You remove it, replace it with a realistic alternative, or mask it, before you send.
Outlook