Data Processing Agreement Link
GDPR Article 28 requires a Data Processing Agreement (DPA) between any controller and processor that handles personal data. SaaSalyst checks whether your website includes a discoverable DPA link — a signal enterprise buyers look for during vendor security reviews.
What SaaSalyst Checks
SaaSalyst scans your page HTML for Data Processing Agreement-related links and references. The scanner looks for 'dpa', 'data processing agreement', 'data processor', and related terms in anchor elements and page content.
Why This Matters
If your SaaS product processes personal data on behalf of customers (as a data processor under GDPR), you are legally required to offer a Data Processing Agreement. Without one, your customers cannot legally use your product if they serve EU residents.
Enterprise procurement and legal teams specifically request DPAs during vendor evaluation. A missing DPA can block deals with EU-based customers or US companies with EU operations.
Many SaaS products offer DPAs but don't make them discoverable on their website. A visible DPA link signals enterprise readiness and reduces friction in procurement.
How to Fix It
- Draft a Data Processing Agreement covering data processing scope, security measures, sub-processor disclosures, and data subject rights support.
- Add a 'Data Processing Agreement' link to your legal pages or footer alongside your Privacy Policy and Terms of Service.
- For enterprise customers, offer a signed DPA on request and document your standard DPA terms publicly.
- List your sub-processors (e.g., cloud providers, analytics tools) in your DPA or on a dedicated sub-processor page.
Frequently Asked Questions
How does SaaSalyst check for a DPA?
SaaSalyst scans your page HTML for Data Processing Agreement-related terms and links. A discoverable DPA link signals that you have addressed GDPR Article 28 requirements for data processors.
Does my SaaS need a DPA?
If your SaaS processes personal data on behalf of customers (acting as a data processor), GDPR Article 28 requires a DPA with each customer. SaaSalyst checks for a discoverable DPA link as an indicator of enterprise compliance readiness.
How does a DPA link affect my Business Readiness Score?
SaaSalyst rates DPA link detection as low severity in Compliance & Legal. Enterprise buyers specifically look for DPAs during procurement, so its absence can block deals despite the low severity rating.
Check Your SaaS Now — Free
SaaSalyst scans your website in 30 seconds and checks for Data Processing Agreement Link along with 40+ other business readiness signals.
Scan Your App