Take the time to check Microsoft's or Google's efforts:
It is quite different from your effort. The option of just signing some private contract (the DPA) is not a good idea. It is not only user-unfriendly, but even untrustworthy.
The problem is that we do not want to take the time to review the agreement. Making it public would be much more credible because of the public reviews.
Many new IT companies in the EU will need to solve this problem. Another problem could be with the legal implementation in each EU country. Will DO care about another specification for each EU country? Prepare for this situation and make it as public as possible.