Privacy Platform for Virginia (VCDPA)
Future-proof your company in an evolving U.S. privacy landscape — with a privacy control center that scales to meet your compliance needs.
It's beyond time to uphold people's privacy rights. DataGrail powers the world's most trusted companies to understand and satisfy VCDPA requirements.
What is VCDPA?
VCDPA is effective January 1, 2023.
The Virginia Consumer Data Protection Act (VCDPA) provides comprehensive consumer privacy protections and expands consumer privacy rights for Virginia residents.
Sharing commonalities with the CPRA and GDPR, VCDPA establishes new, modernized definitions for personal data, geolocation data, profiling, targeted advertising, and the scale of personal data requires new data privacy procedures for organizations.
Who does VCDPA apply to?
VCDPA applies when in the State you:
- Control or process personal data of at least 100,000 Virginia consumers annually; or
- Control or process personal data of at least 25,000 consumers and derive more than 50% of gross revenue from the sale of Virginia personal data.
VCDPA does not apply to state government entities, nonprofits, institutions of higher education, financial institutions or data covered by US federal laws such as GLBA, HIPAA and FCRA.
Operationalize VCDPA Compliance
Respect Personal Data Decisions
Data Subject Requests
Consumers have the right to ask businesses to access and delete their data. Automate the process for them to build brand trust and save your team’s time (and money).
Empower Consumers to Opt-Out Gracefully
Do-not-sell or share support
Consumers are increasingly opting out of their data being “sold”, including for advertising purposes. Lead with respect and prevent their data from being sold, bartered, exchanged, or monetized.
Streamline How You Assess Risk
Privacy Assessments
When it comes time to complete a Data Protection Impact Assessment (DPIA) or Privacy Impact Assessment (PIA), rely on a solution that leverages 1,800+ deep integrations to auto-populate responses.
Scale Your Privacy Program
Uphold Brand Trust
The legislative landscape around privacy is changing every day. DataGrail keeps request policies and functionality up-to-date to support compliance with international and US state privacy laws, and whatever comes next.
“DataGrail has supported and guided us through CCPA, CPRA, and GDPR compliance.””
How DataGrail Can Help with VCDPA
It's time to see what a Privacy Control Center can do for you.
VCDPA Requirements
Handle It with DataGrail
Get Up to Speed Fast on VCDPA
VCDPA Explained
Learn about the Virginia consumer privacy law, its requirements for businesses, and what this means in relation to the CCPA/CPRA and a holistic privacy management program.
'Do Not Sell' Compliance
The Californian right to opt-out of data "sales" has been adopted into other US State privacy laws, including VCDPA. CPRA co-author Rick Arney weighs in on the underlying issues affecting all US businesses.
US State Privacy Laws
The US privacy landscape is becoming more fragmented. In the void of an overarching Federal
privacy law, more States have followed in California's and Virginia's footsteps with their own comprehensive consumer privacy laws.
“DataGrail helped us reduce compliance risk. Our adoption of DataGrail has only increased over time and it's great to have a knowledgeable partner as we look to the next year with CPRA going into effect.”
Mid-Market (51-1000 emp.)
Resources for every step
of your data privacy journey
Whether you're an expert or just starting out, join the privacy community for professionals who lead with trust.
Join the Community