DPAs (Data Protection Agreements or Exhibits (Addenda)) are common in commercial arrangements involving access to the personal data of end users. When you are the customer in such a transaction and your end users’ data will be accessed by a vendor, it is important that you fully understand the scope of the protections being afforded this data under the DPA, especially when the DPA is drafted by the vendor.