Compliance

CDPA

The CDPA (Virginia Consumer Data Protection Act) will dramatically improve the lives of Virginia citizens by giving them stronger data rights and more protection.

Cassie can help you achieve compliance without compromising your business goals.

High volume, fast response querying

Cassie can process up to 50,000 transactions per second, which means that, however large your operation is, you’ve got peace of mind. Our largest client has 400,000 data subjects.

Deeper customer insight

Cassie’s Customer service portal will let you capture up to 13 fields. You’ll be able to learn more about your customers in order to create personalized customer journeys.

Pass audit inspections

Be prepared for compliance audits with demonstrable tracking and complete history logs, alongside advanced RoPA and DSAR modules to improve efficiencies and assess risk.

Ensure data security

Cassie is SOC 2 certified, assuring that your organization’s data is safeguarded from unauthorized access or breaches with industry-leading encryption protocols and practices.

Centralized source of truth

Use Cassie to honor and enforce consent data via APIs and integrations at high volume, in real time, for CDPA compliance across your tech stack (CRMs, marketing automation tools, BI tools).

Complex consent made simple

For every consent captured, Cassie can store unlimited key-value pairs of additional information against those consents to unlock scalable, granular consent management.

  • What are the CDPA’s Consumer Rights?
    • The CDPA requires controllers to facilitate certain consumer rights, enabling Virginians to exercise greater control over their personal data. The CDPA’s six consumer rights are:
      • Right of access: You must provide a copy of any personal data you hold about a consumer on request.
      • Right to correct: You must correct any inaccurate personal data you hold about a consumer on request.
      • Right to delete: You must delete a consumer’s personal data on request.
      • Right to data portability: On request, you must provide the consumer with a copy of their personal data in a portable and readily useable format.
      • Right to opt out: You must allow consumers to opt out of:
        • Targeted advertising—this means implementing a compliant consent-management tool
        • The sale of their personal data
        • Being subject to profiling, to the extent that it advances decisions that produce “legal or similarly significant effects”
      • The right to appeal: You must allow consumers to appeal any decision to refuse a consumer rights request.
  • What are the CDPA’s Limits on collection and use?
    • The CDPA imposes two principles on controllers:
      • Limits on collection: You must only collect personal data that is “adequate, relevant and reasonably necessary in relation to the purposes for which the data is processed.”
      • Limits on use: You must not unnecessarily process personal data for any purposes other than those that are compatible with the context in which you collected the personal data—unless you obtain the consumer’s consent.
  • Do I need to conduct a Data Protection Assessment under CDPA?
    • Under the CDPA, controllers must conduct a data protection assessment to identify and weigh the benefits and risks of certain processing activities, including:
      • Targeted advertising
      • Selling personal data
      • Profiling to advance decisions producing legal or similarly significant effects (such as credit applications).
  • Do I need to maintain a privacy policy under CDPA?
    • The CDPA requires each controller to maintain a privacy policy detailing:
      • The categories of personal data you process
      • Your purposes for processing each category of personal data
      • How consumers may exercise their rights
      • Any categories of personal data you share with third parties
      • Any categories of third parties with whom you share personal data.
  • What is the enforcement for non-compliance with CDPA?
    • The Virginia Attorney-General will offer controllers 30 days to correct any alleged infringements of the CDPA. If the violation is not corrected within 30 days, the Attorney-General may impose a fine of up to $7,500 per violation.