This week, Virginia became the next state after California to officially pass a comprehensive privacy law. The Consumer Data Protection Act (CDPA) sets out an increased protection for consumer data and establishes definitions regarding precise geolocation data, targeted advertising, and the sale of personal data and would grant data subjects with a range of rights including access and opt-out rights.  

Sign up for the webinar: Virginia CDPA Lands: What You Need to Know 

The CDPA will provide consumers with a range of new rights including the right to opt out of the processing of personal data for sale or targeted advertising, the right to deletion, the right to amend inaccuracies, and the right to data portability. 

Impact for Organizations

With the CDPA‘s passing, organizations will be subject to vendor management obligations as well as data security and data protection assessment requirements. The CDPA applies to organizations that conduct their business in Virginia, or that produce products or services that are targeted to residents of Virginia and that meet one or more of the following requirements:   

  • Process personal data of at least 100,000 consumers per calendar year 
  • Control and process personal data of at least 25,000 consumers, and the organization derives over 50% of gross revenue from the sale of personal data 

Register now: Virginia CDPA Lands: What You Need to Know 

How OneTrust Supports Organizations Impacted by CDPA

OneTrust offers multiple ways to support organizations affected by the CDPA’s passing. A few of the ways we can help your privacy program navigate these changes include:  

  • CDPA Research & Readiness: Become a CDPA expert with research portals and prepare to report to your board with CDPA maturity & planning and program benchmarking tools.  
  • CDPA Privacy Management Software: Operationalize and automate your CDPA requirements across opt-out of sale, consumer rights, and privacy governance operations.  
  • CDPA Professional Services: Get support with planning and implementing the CDPA with a CDPA readiness check up, and our implementation and validation services.  
  • CDPA Global User Community: Collaborate and network with industry peers on best practices on implementing the CDPA at free PrivacyConnect workshops, and in customer advisory boards. 

When Will the CDPA Come into Effect?

Following Governor Northam’s signature, the CDPA will come into effect January 1, 2023, so organizations have time to prepare and update their compliance programs. For more information on how OneTrust can help you comply with the CDPA , request a demo, and register for our OneTrust DataGuidance webinar for an expert panel from Woods Rogers for a reactionary webinar looking at the newly introduced CDPA. In this webinar we will discuss first impressions of the Act, the benefits and challenges it may present, and a potential timeline and future predictions for the Act. 

Further Virginia’s Consumer Data Protection Act reading:  

Next steps on Virginia’s Consumer Data Protection Act:  

Follow OneTrust on LinkedInTwitter, or YouTube for the latest CDPA updates.