A DPA is required under GDPR Article 28 whenever a business uses a third-party processor (like an ESP) to handle personal data of EU residents. It specifies the scope of processing, security measures, sub-processors used, data retention periods, and obligations in case of breach. Without a DPA, using an ESP for EU email lists is non-compliant. MisarMail provides a signed DPA to all paid plan customers on request.

Related Terms

GDPR Email Compliance

EU regulations governing how businesses collect consent and send marketing emails to European residents.

Consent Management

The process of collecting, storing, and honoring subscriber consent for marketing communications.

Right to Erasure (Right to be Forgotten)

A legal right under GDPR and similar laws allowing individuals to request deletion of all their personal data.

Master email marketing with MisarMail — AI-powered campaigns, automation, and deliverability tools.

Start Free Trial →