It doesn’t matter where your business is located-–the VCDPA applies to your company if your customers reside in Virginia. Businesses that fail to comply with the VCDPA may be subject to significant fines and penalties and possible damage to their reputations.
In this article, we provide information that can help business owners successfully navigate the Virginia Consumer Data Protection Act (VCDPA).
Passed on March 2, 2021, the VCDPA provides consumers with broad protection and rights concerning the collection, use, processing, sharing, and sale of their personal information.
It doesn’t matter where your business is located-–the VCDPA applies to your company if your customers reside in Virginia. Businesses that fail to comply with the VCDPA may be subject to significant fines and penalties and possible damage to their reputations. But there are solutions that simplify compliance.
The VCDPA applies to entities that conduct business in Virginia or provide products or services that target Virginia residents and that either:
Because the VCDPA does not impose a revenue threshold, a business cannot become subject to the law merely due to its annual revenues; however, smaller, regional businesses that meet other thresholds may find that they need to comply with it.
The "sale of personal information" is defined as "the exchange of personal data for monetary consideration." Importantly, the definition of sale includes a few notable exclusions:
The law defines a consumer as "a natural person who is a resident of the Commonwealth acting only in an individual or household context." It explicitly omits persons who are "acting in a commercial or employment context."
The VCDPA provides consumers with six rights, including the right to:
The law mandates that a business that receives an authenticated request must comply, irrespective of the hardships or impracticable nature of the request language.
To cost-effectively ensure they are complying with VCDPA, businesses will have to manage and track consumers’ requests to opt-out, review, access, delete, and obtain their data.
Business owners and leaders need a system for tracking consumer requests to opt-out, review, access, delete, and obtain their data. Without an accurate system for tracking the status of each request, business owners risk costly penalties and damage to their reputations.
To strengthen and enhance customer loyalty, PrivacyCare offers a system that features:
For help with your data privacy compliance challenges, contact PrivacyCare today.
After failing to comply with the California Consumer Privacy Act (CCPA), Sephora, Inc., a beauty product retailer, settled with the office of the California Attorney General for $1.2 million.
September 27, 2022
The American Data Privacy and Protection Act (ADPPA) has been sent to the House of Representatives for consideration and would fundamentally change data privacy in the U.S. By partly replacing the current patchwork of state laws, companies would gain a clearer path to compliance.
September 27, 2022
Avoid costly fines, protect your customers personal data and protect your brand value by building customer trust. Jumpstart your consumer data privacy program and get started for free today.Get Started
No credit-card required