If you’re operating in Virginia, there’s a new law in town that you need to know about. The Virginia Consumer Data Protection Act (VCDPA) is shaking things up in the world of data privacy and protection, and it’s important to understand what it means for your business.
Don’t worry, though—we’re here to break it down for you in an easy-to-understand way:
The Virginia Consumer Data Protection Act (VCDPA) is a new law that aims to protect the personal data of Virginia residents.
The VCDPA applies to businesses that collect, process, and control the data of more than 100,000 Virginia consumers or that derive more than 50% of their gross revenue from the sale of personal data and process the data of at least 25,000 Virginia consumers.
🎯 If you’re still not sure if the Virginia Consumer Data Protection Act applies to you? You can take this quiz and find out!
The VCDPA grants consumers, amongst others, the right to:
👀 See more user rights here and how to respond to their requests.
Your organization must provide users with a privacy policy that is:
👀 Here is the full checklist of information that you must include in your privacy policy.
Short answer: No.
The VCDPA does not explicitly state that opt-out links allowing users to refuse the processing of their personal data for specific purposes are necessary.
You likely won’t need to do anything to get your website into compliance with Virginia’s VCDPA if you’re currently in compliance with the GDPR and California’s CCPA/CPRA.
However, it’s important that you take into account how privacy laws are evolving across the US and examine how you can adhere to even the most stringent privacy standards.
The VCDPA took effect on January 1, 2023. See How can iubenda help you Comply with the VCDPA?
