GDPR DPA Gap Checker
Walk through the 8 mandatory Article 28(3) clauses. Mark which your current DPA template addresses. Get a prioritized gap report with suggested language for each missing clause.
Browser-only, no signup, no data sent to our servers.
Processing on Documented Instructions
The processor may only process personal data on documented instructions from the controller, including with regard to transfers of personal data to a third country or international organisation.
Why it matters
Without this clause, the processor is not legally bound to limit processing to controller-authorized purposes. This is the single most important term in a DPA.
Does your current DPA template address this clause?
Related reading
- GDPR Article 28 DPA: Clauses and Negotiation
- GDPR Compliance Checklist for SaaS
- Subprocessor List Best Practices
- The complete GDPR resource hub
This tool provides directional guidance. It is not legal advice and does not create an attorney-client relationship. Consult qualified privacy counsel before finalizing any DPA.