 Virginia Consumer Data Protection Act (VCDPA)

 became law on March 2, 2021 and will go into force on January 1, 2023.

, the VCDPA created new requirements for organizations that process data for consumers in Virginia. It also established certain data rights for Virginia residents.

Businesses that market goods or services to Virginia residents

Any organization that meets these criteria must also:

Control or process personal data for 100,000 or more Virginia residents per year OR

Process data for 25,000 or more Virginia residents while also earning at least 50% of gross revenue from selling personal data

The VCDPA gave Virginia residents the following rights in regards to their personal data.

 Virginia residents may request access to any personal data a company holds on them.

 If they discover an error, consumers may request a correction of their personal data.

 Consumers have the right to delete their personal data. This right applies whether the company received data from the consumer directly or it came from a third-party, such as a data broker.

 Virginia residents may move their data between services. In order to support this right, businesses must, upon request, give an individual their data in an easily transmittable format.

 Consumers may opt-out of personal data processing for targeted marketing purposes.

 Organizations under the VCDPA must create an appeals process that VA residents can use in the event their data request is denied or otherwise unfulfilled.

Learn more about the VCDPA with our complete guide '

Article 28

Article 30

Article 32

Article 6 

Article 9

Authorized Agents

California Consumer Privacy Act

California Privacy Protection Agency

California Privacy Rights Act

Colorado Privacy Act

Consent 

Dark Patterns

Data Controller

Data Mapping

Data Processor

Data Subject

Data Subject Access Request

Do Not Track

Do not sell/Do not share 

Facebook Limited Data Use

GDPR Personal Data

GDPR Principles

GDPR Rights

General Data Protection Regulation

Global Privacy Control

Gramm-Leach-Bliley Act

HIPAA

LGDP (Brazil's Privacy Law)

Personally Identifiable Information

Preference Management

Pseudonymization

Record of Processing Activities

Schrems II

Tracking Cookies

Utah Consumer Privacy Act 

Verifiable Consumer Request 

Virginia Consumer Data Protection Act

Data Rights Unwrapped 2024: Transcend Customers Powering the Next Era of Privacy Innovation

Transcend offers data governance solutions that help companies achieve privacy compliance through powerful data mapping and data discovery, automated data subject requests, and simple cookie consent, all with industry leading security.