THE VIRGINIA CDPA
What businesses need to know
Virginia’s Consumer Data Protection Act (VCDPA) places new obligations on businesses processing consumer data in Virginia and expands consumer data rights—giving residents the right to access, delete, correct, transfer their data, and opt-out of targeted advertising.
Effective Jan 1, 2023
The VCDPA went into effect January 1, 2023. It applies to businesses that market to VA residents and either process data for 100,000 consumers per year or derive 50% of gross revenue from selling personal data, while processing personal data for 25,000+ consumers.
New privacy rights for Virginia residents
Under the VCDPA, Virginia residents have the right to request access, deletion, correction, or transfer of their data, opt-out of targeted advertising, and file an appeal if a business fails to fulfill their data request.
Virginia CDPA enforcement
The VCDPA is enforced by the Virginia Attorney General. Businesses will have a 30 day cure period to address alleged non-compliance and may be fined up to $7,500 for each individual violation.
PRIVACY REQUESTS
Easily fulfill consumer privacy requests
The Virginia CDPA requires that companies fulfill consumer requests for personal data access, deletion, correction, and transfer. Transcend Privacy Requests is the easiest and most comprehensive way to delete, de-identify, return, or modify a user's data or preferences across your tech stack.
DO NOT SELL OR SHARE
Easily manage targeted advertising opt outs
The VCDPA requires that companies give their users a way to opt out of the selling or sharing of their personal data–including data shared with most ad networks for targeted or cross-context behavioral advertising.
Transcend is the only platform that manages this end-to-end–from governing both client-side and backend data flows to enforcing end user preferences across ad tech platforms.
DATA PROTECTION IMPACT ASSESSMENTS
Mitigate risk with smarter assessments
The VCDPA requires data protection impact assessments (DPIAs) to provide a clear understanding of when and where you’re collecting data, how it’s being used, and how long it’s retained.
Transcend uses attribute-based auto-suggestions to manage Data Protection Impact Assessments (DPIAs) and Transfer Impact Assessment (TIAs) with ease, giving you a singular view to minimize data processing risks across your org.
COMPLIANCE WITHOUT COMPLEXITY
Engineered for simplicity, efficiency, and seamless compliance.
More resources
Blog: Preparing for Compliance with Virginia’s CDPA
Businesses in Virginia need to have a mechanism for fulfilling consumer privacy requests, provide with clear options for opt-out and consent, and develop an appeals process.
Guide: Honoring Do Not Sell or Share opt outs
Virginia's targeted advertising opt out requirement follows California's CPRA obligation. Follow this implementation guide to honor client-side and backend opt-outs with Transcend.
Infographic: US State Privacy Laws
Understand the privacy laws in California, Colorado, Virginia, Utah, and Connecticut in seconds.