There is an increasing expectation that SLAs become fully automated for IoT environments. This automation may involve monitoring of adherence to an SLA, discretionary encryption of data, enforcement of SLAs and compliance with legal requirements such as the General Data Protection Regulation (GDPR) or comparable regulations. Furthermore, such SLAs need to be customised to a specific IoT vertical, IoT use case or IoT scenario. However, designing such customised IoT scenario-specific SLAs on the fly is very challenging, nuanced, complex and requires domain-specific knowledge. To address such challenges, we propose a platform agnostic, trustworthy, reliable, secure and GDPR compliant end-to-end automated on the fly SLA generation platform. The architecture follows the GDPR Privacy by Design approach, and we demonstrate how this framework can be used for processing of data irrespective from where the data generated, and the SLA attached to it.