Compliance and AI 8 min read

Do you need a data processing agreement for an AI tool?

If an AI vendor processes personal data on your behalf, it is a processor and a data processing agreement (Article 28 GDPR) is usually mandatory. Free accounts do not have one. Here is when you need a DPA and what has to be in it.

Image: legal reviewer checking an AI vendor's data processing agreement
Quick answer

Usually, yes. If an AI vendor processes personal data on behalf of your organisation, it is a processor and a data processing agreement (DPA, Article 28 GDPR) is mandatory. A free or personal AI account runs under consumer terms with no DPA, which makes business use with personal data hard to justify. The major vendors (OpenAI, Anthropic, Google, Microsoft) all offer a DPA, but only on their business tiers, never on the free consumer account.

01  If you decide why and how data is processed, you are the controller; the AI vendor is the processor.
02  When a processor handles personal data on your behalf, a data processing agreement (Article 28 GDPR) is usually mandatory.
03  Article 28 sets out what must be in it: subject and duration, instructions, confidentiality, security, sub-processors, help with rights, return or deletion, and audit.
04  Major vendors offer a DPA only on business tiers, not on the free account.
05  A DPA covers the contract; it does not stop the wrong data entering the prompt.

A vendor security review lands on Lukas Costa's desk on a Tuesday afternoon. A team lead wants to roll out an AI writing assistant across support. The business case is solid. The deployment plan is clear. One line is missing: there is no data processing agreement, because the team has been trialling it on free personal accounts. Lukas, the DPO, sends one question back. Who signs the DPA, and on which tier?

The answer decides whether the rollout can go ahead. If the AI vendor processes personal data on your behalf, you almost certainly need a DPA, and a free account does not give you one. Here is when it is mandatory, what has to be in it, and which vendors offer one.

Controller or processor?

The GDPR splits responsibility into two roles. The controller determines the purposes and means of the processing: why the data is processed and how. That is your organisation. The processor handles personal data on behalf of the controller and may only act on documented instructions.

When a support agent drops a customer email into an AI tool to draft a reply, your organisation sets the purpose. The AI vendor processes the data to carry it out. In that situation the vendor is a processor, and that is exactly the point where the GDPR requires a contract.

When is a DPA mandatory?

The rule is short. If an external party processes personal data on your behalf, that party is a processor and Article 28(3) GDPR requires the processing to be governed by a contract or other binding legal act: in practice, a data processing agreement. There is no threshold on volume or sensitivity and no carve-out for "but it is only a chatbot".

Two questions settle it. Does personal data go into the prompt? For business use, almost always: a name, an email address, an account number, a case reference. And does the vendor process that data on your behalf? For an AI tool that processes your input to return an answer, yes. That fixes the obligation.

This is where account tiers matter for the decision. A free or personal AI account runs under consumer terms. There is no DPA attached, and, depending on the vendor's default settings, the input may be used to improve the model. For business use with personal data, a managed business account with a DPA is the starting point. More on that split in free versus business AI accounts.

What Article 28 requires

Article 28(3) GDPR sets out the content. A data processing agreement must specify:

  • Subject matter and duration of the processing, its nature and purpose, the types of personal data, and the categories of data subjects.
  • Processing only on instruction. The processor handles the data solely on your documented instructions, unless a law requires otherwise.
  • Confidentiality. Everyone with access to the data is bound to confidentiality.
  • Security. Appropriate technical and organisational measures (Article 32 GDPR).
  • Sub-processors. The processor engages no other processor without your authorisation, and imposes the same obligations on any sub-processor.
  • Help with data subject rights. The processor assists you in handling access, rectification, and erasure requests.
  • Help with security and breaches. The processor supports you on security, data breaches, and, where needed, a DPIA.
  • Return or deletion. At the end of the engagement the processor returns or deletes the data, at your choice.
  • Audit. The processor makes all information available to demonstrate compliance, allows and contributes to audits, and tells you immediately if, in its view, one of your instructions infringes the GDPR.

If any of these is missing, the agreement does not meet Article 28. A signed PDF is not the same as a compliant one, so the review is checking for these clauses, not just for a signature.

Which AI vendors offer a DPA?

The major vendors all offer a data processing agreement, but consistently only on the business tiers. The free consumer account is out of scope.

Vendor               | DPA available on                                                                 | Not on
OpenAI (ChatGPT)     | API, ChatGPT Business, ChatGPT Enterprise                                        | Personal (free) ChatGPT account
Anthropic (Claude)   | API, Team, Enterprise (built into the commercial terms)                          | Free and Pro
Google (Gemini)      | Workspace and Cloud, via the Cloud Data Processing Addendum                      | Personal Google account
Microsoft (Copilot)  | Microsoft 365 / Copilot business, via the Products and Services DPA and Product Terms | Consumer account

Sources, accessed June 2026:
  • OpenAI: data processing addendum for the API and business services; a personal account cannot execute the addendum.
  • Anthropic: the DPA is incorporated into the commercial terms for API, Team, and Enterprise; Free and Pro have none.
  • Google: Cloud Data Processing Addendum for Workspace and Cloud, including SCCs.
  • Microsoft: Microsoft 365 Copilot for organisations is covered by the Products and Services Data Protection Addendum and the Product Terms, with Microsoft acting as processor.

The practical takeaway for the review: pick the tier that comes with a DPA, and confirm the agreement actually covers the specific product in use, not just the vendor's API or another product in the same family.

Sub-processors and transfers outside the EU

An AI vendor rarely works alone. For hosting, storage, or compute it engages sub-processors. The DPA records that those sub-processors are bound by the same rules and that you are informed of changes.

Many of those parties sit outside the EU, often in the US. Sending personal data there is only allowed with a valid transfer basis: an adequacy decision or standard contractual clauses (SCCs). The DPA handles this on paper, but knowing where the data lands stays your job. More on this in data sovereignty and AI prompts.

What a DPA does not cover

A DPA settles the arrangement: what the vendor may and may not do with the data, how it secures it, what happens at the end. That is necessary, and it is enough to get the contract in order.

What it does not do is decide what an employee types into the prompt. If a customer account number sits in the text field, it leaves the organisation, signed agreement or not. The DPA covers the legal relationship. It does not hold back the wrong data at the source. Data minimisation (Article 5 GDPR) remains a separate obligation, and it is met in the prompt itself. See also which GDPR measures AI use requires and the AI Act alongside the GDPR.

Where BeeSensible sits

BeeSensible is itself a processor. The customer is the controller, and a processing agreement is signed with every customer. A product DPIA is available on request. Detection runs on ISO 27001 certified EU infrastructure.

That handles the contract. The part a contract leaves open, the data that ends up in the prompt, is where the BeeSensible browser extension works. It highlights sensitive data while you type in browser-based AI tools. You remove it, replace it with a realistic alternative, or mask it, before you send.

Product demo (screenshot): BeeSensible highlights sensitive details before send. Hover or tap a highlighted value to replace, mask, or delete it, before the draft reaches anyone.

Take the support rollout Lukas is reviewing. An agent pastes a customer email with a name, an account number, and a phone number into the assistant. The sensitive data gets a highlight. The agent replaces the name with "Customer A" and removes the account number. The task, drafting a reply, stays intact. The traceable data does not leave the organisation. The DPA covers the arrangement with the vendor; the highlight-and-replace step makes data minimisation concrete at the moment the prompt is sent.
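The same minimisation step, written out as an added example so the mechanics are visible. This is not BeeSensible's code and says nothing about how the extension detects data; it is a self-contained illustration of the pattern the scenario describes: detect identifiers in the text before it leaves the organisation, swap them for placeholders, keep the placeholder-to-original mapping locally, check that nothing detectable remains before the prompt is sent, and put the real values back into the vendor's reply afterwards. The regexes, placeholder names, the "known customer names supplied by the controller" mechanism, and the sample ticket are all assumptions constructed for the example. Regex detection of a UK account number, phone number, and email address is deliberately narrow; it shows the principle, not a complete classifier.

```python
import re

# Constructed detectors for this example (assumption, not a production classifier).
# Order matters: emails first so their digits are never re-matched, phones before
# bare 8-digit account numbers so an 11-digit mobile is not split in two.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "PHONE": re.compile(r"(?<!\w)(?:\+44\s?7\d{3}|\(?0\d{4}\)?)\s?\d{3}\s?\d{3}(?!\w)"),
    "ACCOUNT": re.compile(r"(?<!\d)\d{8}(?!\d)"),   # UK-style 8-digit account number
}

# Constructed sample ticket; every identifier in it is fictional.
SAMPLE_TICKET = (
    "Hi, it's Anna Smith. My account 12345678 was charged twice on the 3rd. "
    "Call me on 07700 900123 or email anna.smith@example.com. Thanks."
)


def minimise(text: str, known_names: tuple[str, ...] = ()) -> tuple[str, dict[str, str]]:
    """Replace detectable identifiers with placeholders.

    Returns the minimised text plus a mapping placeholder -> original value.
    The mapping never leaves the controller's side; only the text is sent.
    """
    mapping: dict[str, str] = {}
    counters: dict[str, int] = {}

    def placeholder(kind: str, value: str) -> str:
        # Same value twice gets the same placeholder, so the model can still
        # tell that two mentions refer to one account.
        for ph, original in mapping.items():
            if original == value:
                return ph
        counters[kind] = counters.get(kind, 0) + 1
        ph = f"[{kind}_{counters[kind]}]"
        mapping[ph] = value
        return ph

    for kind, pattern in PATTERNS.items():
        text = pattern.sub(lambda m, k=kind: placeholder(k, m.group(0)), text)

    # A regex cannot reliably spot a person's name, so the controller supplies
    # the names it already holds for the case (assumption: taken from the ticket
    # or CRM). Longest first, so "Anna Smith" is handled before a bare "Anna".
    for i, name in enumerate(sorted(known_names, key=len, reverse=True)):
        label = f"Customer {chr(ord('A') + i)}"
        replaced = re.sub(rf"\b{re.escape(name)}\b", label, text)
        if replaced != text:
            mapping[label] = name
            text = replaced

    return text, mapping


def residual_pii(text: str) -> list[str]:
    """Send gate: kinds of identifier still detectable in the text (empty = safe to send)."""
    return sorted(kind for kind, pattern in PATTERNS.items() if pattern.search(text))


def rehydrate(reply: str, mapping: dict[str, str]) -> str:
    """Put the real values back into the vendor's reply, locally, after it returns."""
    for ph, original in mapping.items():
        reply = reply.replace(ph, original)
    return reply


if __name__ == "__main__":
    prompt, mapping = minimise(SAMPLE_TICKET, known_names=("Anna Smith",))
    assert not residual_pii(prompt), "refuse to send: identifiers still present"
    print("sent to vendor:", prompt)
    # Constructed stand-in for the model's answer.
    model_reply = "Dear Customer A, the duplicate charge on [ACCOUNT_1] has been refunded."
    print("shown to agent:", rehydrate(model_reply, mapping))
```

The gate is the part worth copying: `residual_pii` runs on the exact string about to leave the organisation, and the send is refused if it returns anything, DPA or no DPA. The mapping stays in the controller's process, which is what keeps the reply usable without the account number ever reaching the vendor.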

Further reading: Compliance and AI.

FAQ

Common questions

Do I always need a DPA for an AI tool?

Not always, but often. As soon as the AI vendor processes personal data on your behalf, it is a processor and a data processing agreement (Article 28 GDPR) is mandatory. If you only ever use a tool with data that is not personal data, the picture is different. In practice, business AI use almost always puts a personal data point into the prompt.

What is the difference between a controller and a processor?

The controller decides why and how personal data is processed. That is you or your organisation. The processor handles that data on your behalf and may only act on your documented instructions. An AI vendor that processes your prompts to return an answer acts as a processor in that role.

What does Article 28 GDPR require in a data processing agreement?

Article 28(3) GDPR lists the mandatory points: the subject matter, duration, nature and purpose of the processing, the types of data and categories of data subjects, processing only on your instruction, confidentiality, appropriate security, rules for sub-processors, help with data subject requests and with security, return or deletion of the data afterwards, and making information available for audits.

Does ChatGPT offer a data processing agreement?

OpenAI executes a data processing addendum for the API, ChatGPT Business, and ChatGPT Enterprise. A personal ChatGPT account cannot execute that agreement; it runs under the consumer policy. A business account is therefore the condition for a DPA (OpenAI, accessed June 2026).

Can personal data go to an AI tool outside the EU?

Only with a valid basis for international transfer, such as an adequacy decision or standard contractual clauses (SCCs). Many AI vendors are based in the US and use sub-processors. The DPA covers these points on paper, but it remains your responsibility to check where the data ends up.

Is BeeSensible a processor?

Yes. The customer is the controller, BeeSensible is the processor. A processing agreement is signed with every customer, and a product DPIA is available on request.