No DPA — strict disconnected on-premise mode

Name: Natalia
Author: Natalia

In strict disconnected mode, Natalia is a pure software publisher under GDPR Recital 26 and EDPB 07/2020 §28-29. No Data Processing Agreement is required, and signing one would be legally incorrect.

What to provide to your DPO instead?

To pass DPO review without a DPA, the following pieces of documentation are sufficient:

On-premise GDPR page — detailed legal qualification, data flows, IT lawyer FAQ.
Strict on-premise terms clause — contractual qualification to integrate in your terms of service.
Security documentation — encryption, RBAC, audit log, breach notification process.
Reversibility documentation — export formats, termination procedure, no lock-in.
Internal art.30 GDPR record entry — the Customer documents the processing operations carried out by the appliance in its own art.30 record, as for any other internal software.