Schedule a demo
See how you can maintain an inventory of VCDPA-regulated data and provide regulators proof of 24/7 data monitoring, fulfillment of right-to-be-forgotten requests at endpoints, and policy enforcement.
Provide evidence to auditors of steps taken to secure the confidentiality of customer information collected and protect it against threats and unauthorized access.
The Virginia Consumer Data Protection Act (VCDPA) is a state law in Virginia that aims to protect the personal data of consumers in Virginia. The VCDPA went into effect on January 1, 2023. It was enacted in March 2021 and passed into law with a delayed effective date to allow companies time to prepare for the new requirements.
The VCDPA applies to companies that do business in Virginia and that meet certain thresholds for the collection and use of personal data. It sets out rules for how companies can collect, use, and share personal data, and it gives consumers certain rights with respect to their personal data.
The VCDPA applies to businesses that do business in Virginia and that meet certain thresholds for the collection and use of personal data. Specifically, the VCDPA applies to “controllers” and “processors” of personal data.
A controller is a business that determines the purposes and means of processing personal data. A processor is a business that processes personal data on behalf of a controller.
The VCDPA applies to controllers and processors that meet any of the following thresholds:
If your business meets any of the thresholds above and does business in Virginia, it may be subject to the VCDPA. It’s important to carefully review the requirements of the VCDPA to ensure that your business is in compliance.
The VCDPA covers “personal data,” which is defined as any information that is linked or reasonably linkable to an identified or identifiable natural person. Personal data includes both personal identifying information (such as a person’s name or address) and personal characteristics (such as a person’s gender or age).
The VCDPA applies to the collection, use, and sharing of personal data by businesses that do business in Virginia and that meet certain thresholds for the collection and use of personal data. It sets out rules for how these businesses can collect, use, and share personal data, and it gives consumers certain rights with respect to their personal data.
The VCDPA does not apply to certain types of data, such as data collected for national security or law enforcement purposes. It also does not apply to certain types of businesses, such as financial institutions that are subject to other state and federal data protection regulations.
Here are some key compliance requirements of the VCDPA:
It’s important for businesses subject to the VCDPA to carefully review and understand these requirements to ensure compliance with the law. Non-compliance with the VCDPA can result in fines and other penalties.
The Virginia Consumer Data Protection Act (VCDPA) establishes a number of enforcement and penalty provisions to ensure compliance with the law. The VCDPA is enforced by the Virginia Attorney General, who has the authority to bring enforcement actions against businesses that violate the law.
Under the VCDPA, the Virginia Attorney General has the power to:
In addition to these enforcement powers, the VCDPA also allows consumers to bring private lawsuits against businesses that violate the law. Consumers can seek damages, attorneys’ fees, and other relief in these lawsuits.