Compliance

VCDPA

On January 1^st 2023, Virginia became the second US state to enact a comprehensive privacy law with the Virginia Consumer Data Protection Act (VCDPA), which is similar in scope to the CCPA but with some crucial differences.

Talk to us

What is VCDPA?

The VCDPA’s primary objective is to protect individuals’ privacy as well as inform them whether their data is being processed.

The Attorney General of Virginia define personal data as meaning “any information that is linked or reasonably linkable to a Virginia resident. It does not include publicly available information such as government-held public records”. Protected health data under the HIPAA as well as a number of other pieces of data are exempt from the VCDPA.

Consumers have the right to submit a request to controllers to ask how data is being used, to delete data and opt-out, as well as requesting copies of the personal information that is being collected by an organization. Businesses must respond to these requests within 45 days of the request being made or face fines of up to $7500 per violation.

Does your business need VCDPA compliance?

The Virginia Consumer Data Protection Act applies to any business doing business in Virginia or targeting Virginia residents that (annually):

Controls or processes the personal data of at least 100,000 consumers
Controls or processes the personal data of at least 25,000 consumers and derives at least 50% of its gross revenues from selling personal data

Some entities that are exempt from VCDPA include: a state/local government, non-profit organization or an institution of higher education.

Data myths and misconceptions report download

Download our “data myths and misconceptions” research report

Discover:

The most popular data protection measures and if consumers find them effective
How aware consumers are of the level of information that companies can collect about them
If consumers keep up to date with data privacy legislation
How companies can build customer trust by respecting data

Download now

Choose Cassie for:

Cassie’s consent and preference management solution allows your business to comply with VCDPA and other relevant legislations, like CCPA & CPRA.

High volume, fast response querying

Cassie can process up to 50,000 transactions per second, which means however large your operation is you’ve got peace of mind…Our largest client has 400 million data subjects.

Deeper customer insight

Cassie’s Customer service portal will let you capture up to 13 fields. You’ll be able to learn more about your customers in order to create personalized customer journeys.

Pass audit inspections

Be prepared for compliance audits with demonstrable tracking and complete history logs, alongside advanced RoPA and DSAR modules to improve efficiencies and assess risk

Ensure data security

Cassie is SOC 2 certified, assuring organization’s data is safeguarded from unauthorized access or breaches with industry-leading encryption protocols and practices

Centralized source of truth

Use Cassie to honor and enforce consent data via APIs and integrations at high volume, in real-time for GDPR compliance across your tech stack (CRMs, CMS, marketing automation tools, BI tools)

Complex consent made simple

For every consent captured, Cassie can store unlimited key value pairs of additional information against those consents to unlock scalable, granular consent management

Recognized by Gartner as a Privacy and Consent Management leader

Free RFP template for consent and preference management

Find out more about the Cassie platform

Recognized by Gartner as a Consent Management leader