Guide

How to Sign a Data Processing Agreement Online

GDPR requires a signed DPA between data controllers and processors.

Steps

  1. Prepare DPA with processing details and safeguards

  2. Send to data processor or controller

  3. Counterparty reviews and signs

  4. Both parties receive signed DPA

  5. Audit trail for GDPR compliance documentation

Try it with curl

curl -X POST https://signb.ee/api/send \
  -H "Content-Type: application/json" \
  -d '{
    "content": "# Your Document\n\nContent here...",
    "senderName": "Your Name",
    "senderEmail": "you@email.com",
    "recipientName": "Recipient",
    "recipientEmail": "recipient@email.com"
  }'

Legal validity

Electronic signatures are legally binding under the ESIGN Act (US), eIDAS Regulation (EU), and Electronic Communications Act (UK). Every Signbee document includes a SHA-256 tamper-proof certificate.

More details

Under GDPR Article 28, any organisation that processes personal data on behalf of another (a 'data processor') must have a signed Data Processing Agreement with the data controller. Failure to have DPAs in place is one of the most common GDPR compliance failures — and one of the easiest to fix.

Who needs DPAs:

- SaaS companies processing customer data
- Cloud hosting providers
- Email service providers
- Analytics platforms
- Payment processors
- HR and payroll platforms
- Marketing automation tools
- Any third-party vendor handling personal data

Mandatory DPA contents (per GDPR Article 28):

- Subject matter and duration of processing
- Nature and purpose of processing
- Types of personal data processed
- Categories of data subjects
- Technical and organisational security measures
- Sub-processor management procedures
- Data breach notification obligations
- Data transfer mechanisms (for non-EU transfers)
- Data deletion or return upon contract termination

For SaaS companies: template your standard DPA and use the API to send it automatically when new enterprise customers onboard. The signed DPA is stored with an audit trail, satisfying GDPR documentation requirements.
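The templating step described above, as an added example (not Signbee's own code): it refuses to build a DPA that lacks any of the Article 28 items listed on this page, JSON-encodes the request so customer-supplied names cannot break the body, and computes a local SHA-256 of the content for the sender's own records. The term key names, the sample values, the processor/controller roles and the local digest are assumptions of this example; the digest is independent of the certificate Signbee issues.

```python
import hashlib
import json
import urllib.request

API_URL = "https://signb.ee/api/send"  # endpoint from the curl example on this page

# The Article 28 items listed on this page; the key names are this example's own.
REQUIRED_TERMS = [
    "subject_matter_and_duration", "nature_and_purpose", "types_of_personal_data",
    "categories_of_data_subjects", "security_measures", "sub_processors",
    "breach_notification", "transfer_mechanisms", "deletion_or_return",
]

def build_dpa_request(sender, recipient, terms):
    """Return (json_body_bytes, sha256_hex_of_content); refuse an incomplete DPA."""
    missing = [k for k in REQUIRED_TERMS if not str(terms.get(k, "")).strip()]
    if missing:
        raise ValueError("DPA incomplete, missing: " + ", ".join(missing))
    # Assumed roles: the SaaS sender is the processor, the customer the controller.
    lines = ["# Data Processing Agreement", "",
             f"Controller: {recipient[0]}", f"Processor: {sender[0]}", ""]
    for key in REQUIRED_TERMS:
        lines += ["## " + key.replace("_", " ").capitalize(), "", terms[key].strip(), ""]
    content = "\n".join(lines)
    body = {
        "content": content,
        "senderName": sender[0], "senderEmail": sender[1],
        "recipientName": recipient[0], "recipientEmail": recipient[1],
    }
    # json.dumps escapes quotes and newlines in customer-supplied values, which
    # hand-assembled JSON in a shell string does not.
    digest = hashlib.sha256(content.encode("utf-8")).hexdigest()
    return json.dumps(body).encode("utf-8"), digest

def send(payload):
    """POST the body; the response format is not documented here, so return it raw."""
    req = urllib.request.Request(API_URL, data=payload, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status, resp.read()

# Constructed sample values, for illustration only.
SAMPLE_TERMS = {key: f"Sample text for {key}." for key in REQUIRED_TERMS}
SAMPLE_SENDER = ("Example SaaS Ltd", "legal@saas.example")
SAMPLE_RECIPIENT = ('Acme "EU" GmbH', "dpo@customer.example")

if __name__ == "__main__":
    payload, digest = build_dpa_request(SAMPLE_SENDER, SAMPLE_RECIPIENT, SAMPLE_TERMS)
    print(len(payload), "bytes ready to send; local SHA-256 of content:", digest)
```

Storing the digest alongside the onboarding record lets you later confirm that the text you sent matches the text in the signed copy.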

Frequently asked questions

Is a DPA legally required under GDPR?

Yes. GDPR Article 28 mandates a written contract (DPA) between data controllers and processors. Failure to have DPAs in place can result in fines up to €10 million or 2% of global turnover.

Can DPAs be signed electronically?

Yes. Electronic signatures on DPAs are valid under eIDAS (EU), ESIGN (US), and ECA (UK). The audit trail provides evidence of when both parties agreed to the data processing terms.
