The data processing agreement (DPA) is a document between a data controller and a data processor. The controller needs the processor services to work with his data and wants the processor to be GDPR compliant (or compliant with other international agreements, for example the EU-USA shield).
For example, if you use an external service which receiver your user’s personal data for processing and getting back a result (for example statistics, invoices, goods delivery and so on) you should find out if that third party is processing the data in the right way. The DPA could be the document that contains the rules you both agree upon so the controller is ensured the data is processed in a legal way.
Many big players already offer warranties and a DPA for their services, you can download and where they explain in detail how they process (or not process at all) data you sent them or store in their system.
If you purchased our professional extension or just use the free plugin version, there is no DPA required between you and us. We DO NOT process the personal data you collect with the Newsletter plugin or its extensions. All data is store in your blog so if you need a DPA you should ask it to your hosting provider which own the machines where the blog and the database are.