Mar 29, 2021 4 min read

What is CDPA? Virginia's Consumer Data Protection Act Explained

What is CDPA? Virginia's Consumer Data Protection Act Explained

Virginia Governor Ralph Northam signed the Consumer Data Protection Act (CDPA) into law on March 2nd, 2021, making Virginia the second state to enact a data protection law — only preceded by California's CCPA. The law will go into effect on January 1st, 2023.

The CDPA affirms consumers' rights to access and control their personal data. Any entity controlling and processing personal data must follow the responsibilities outlined in the law.

This article provides a brief and summarized overview of the law. You can read the full text of the Consumer Data Protection Act here.

Who must comply with the CDPA?

The law applies to anyone that conducts business in Virginia or produces products or services that are targeted to residents of Virginia AND satisfy one of the following:

  1. Control or process personal data of at least 100,000 consumers
  2. Control or process personal data of at least 25,000 consumers AND derive 50% of gross revenue from the sale of personal data.

What are the requirements of the CDPA?

The law provides consumers with data rights and defines the responsibilities of both controllers and processors of data. It is imperative to understand the definition of each entity:

Read the full story

Subscribe to our free weekly newsletter to read the full story and get access to all members-only posts.

Subscribe
Already have an account? Sign in
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to Ad Tech Explained.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.