This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Privacy Platform for Virginia (VCDPA)

Future-proof your company in an evolving U.S. privacy landscape — with a privacy control center that scales to meet your compliance needs.

It's beyond time to uphold people's privacy rights. DataGrail powers the world's most trusted companies to understand and satisfy VCDPA requirements.

What is VCDPA?

VCDPA is effective January 1, 2023.

The Virginia Consumer Data Protection Act (VCDPA) provides comprehensive consumer privacy protections and expands consumer privacy rights for Virginia residents.

Sharing commonalities with the CPRA and GDPR, VCDPA establishes new, modernized definitions for personal data, geolocation data, profiling, targeted advertising, and the scale of personal data requires new data privacy procedures for organizations.

Who does VCDPA apply to?

VCDPA applies when in the State you:

  1. Control or process personal data of at least 100,000 Virginia consumers annually; or
  2. Control or process personal data of at least 25,000 consumers and derive more than 50% of gross revenue from the sale of Virginia personal data.

VCDPA does not apply to state government entities, nonprofits, institutions of higher education, financial institutions or data covered by US federal laws such as GLBA, HIPAA and FCRA.

Operationalize VCDPA Compliance

Respect Personal Data Decisions

Data Subject Requests

Consumers have the right to ask businesses to access and delete their data. Automate the process for them to build brand trust and save your team’s time (and money).


Empower Consumers to Opt-Out Gracefully

Do-not-sell or share support

Consumers are increasingly opting out of their data being “sold”, including for advertising purposes. Lead with respect and prevent their data from being sold, bartered, exchanged, or monetized.


Streamline How You Assess Risk

Privacy Assessments

When it comes time to complete a Data Protection Impact Assessment (DPIA) or Privacy Impact Assessment (PIA), rely on a solution that leverages 1,800+ deep integrations to auto-populate responses.


Scale Your Privacy Program

Uphold Brand Trust

The legislative landscape around privacy is changing every day. DataGrail keeps request policies and functionality up-to-date to support compliance with international and US state privacy laws, and whatever comes next.


“DataGrail has supported and guided us through CCPA, CPRA, and GDPR compliance.””

E-Commerce VP

How DataGrail Can Help with VCDPA

It's time to see what a Privacy Control Center can do for you.

VCDPA Requirements

Handle It with DataGrail

Centralize privacy requests (DSRs) like Access, Deletion, Portability and others

Request Manager

Branded intake forms, Operations Dashboard, search and filters

Verify requestor identity and reduce fraud

Request Manager

Smart Verification™ uses pre-existing data with Authorized Agent support

Fulfill DSRs safely, collaboratively and on time

Request Manager

Customizable SLAs and workflows, authorized handoffs and alerts

Honor Do Not Sell opt-out requests

Request Manager

Multichannel handling with GPC opt-out signal recognition

Document your data and processing purposes

Live Data Map

Auto-detect systems containing personal data, generate dynamic RoPAs

Maintain data maps and processing records (RoPAs)

Live Data Map

Proprietary taxonomy and exports driving standardized summaries

Conduct Data Protection / Privacy Impact Assessments

Risk Monitor: Assessments

Assess vendors and high-risk processing activities at scale

Take holistic stock of your privacy footprint

Integration Network

Tight integrations with 1,800+ apps and platforms, from salestech to HRIS

Focus your internal teams on their most strategic work

Managed Services

Access to a dedicated privacy manager who helps build a scalable program and manage DSR processes

Get Up to Speed Fast on VCDPA


VCDPA Explained

Learn about the Virginia consumer privacy law, its requirements for businesses, and what this means in relation to the CCPA/CPRA and a holistic privacy management program.

Read the Guide
In the News

'Do Not Sell' Compliance

The Californian right to opt-out of data "sales" has been adopted into other US State privacy laws, including VCDPA. CPRA co-author Rick Arney weighs in on the underlying issues affecting all US businesses.

Watch the Interview

US State Privacy Laws

The US privacy landscape is becoming more fragmented. In the void of an overarching Federal
privacy law, more States have followed in California's and Virginia's footsteps with their own comprehensive consumer privacy laws.

Read the Guide

“DataGrail helped us reduce compliance risk. Our adoption of DataGrail has only increased over time and it's great to have a knowledgeable partner as we look to the next year with CPRA going into effect.”

Verified User in Software

Mid-Market (51-1000 emp.)

Resources for every step
of your data privacy journey

Privacy Primer: Mastering the Data Privacy Basics
Learn More
Meet DataGrail: On-Demand
Learn More
Data Privacy Solution Buyer’s Guide
Learn More
Curious about how it all works?
Learn more about the DataGrail Platform

Whether you're an expert or just starting out, join the privacy community for professionals who lead with trust.

Join the Community