Quickly fulfill consumer rights requests for the Virginia Consumer Data Protection Act (VCDPA) through automation.
For the first 6 DSARs
CYTRIO pricing is consumption based pricing. you pay based on number of DSARs processed by CYTRIO after the first 6 Free DSARs
The VCDPA, which provides comprehensive data privacy to Virginia residents, was signed into law in March 2021 by Governor Ralph Northam and goes into effect January 1st, 2023. Virginia became the second U.S. state to put strict privacy law on the books.
VCDPA provides consumers control and protection over their personal data. Under VCDPA “Personal data” means any information that is linked or reasonably linkable to an identified or identifiable natural person. “Personal data” does not include de-identified data or publicly available information.
This includes, but is not limited to name, address, social security number, telephone numbers, driver’s license number, credit card numbers and more. It also includes subcategories such as biometric identifiers (e.g., fingerprints) and other unique identifiers used by the consumer (e.g., pets’ IDs). Detailed information about VCDPA can be found at https://www.consumer.virginia.gov/
Virginia consumer privacy enforcement is the responsibility of the Virgina Attorney General. A company can be fined by the state of Virgina up to $7,500 per violation.
VCDPA is important as it puts many data privacy protection concerns in the hands of consumers. The regulation ensures that all customers have access to their online user records at any time and lists what information is considered personal in the state of Virginia. CDPA helps improve data protection of consumers because it sets boundaries for companies who want to conduct business in Virginia while also protecting citizens’ privacy.
The Virgina Consumer Data Privacy Act is important to both Virginia residents and any business that maintains digital records on Virginia residents. The implications hit a broad range of individuals and businesses, including persons that conduct business in the Commonwealth or produce products or services that are targeted to residents of the Commonwealth and that (i) during a calendar year, control or process personal data of at least 100,000 consumers or (ii) control or process personal data of at least 25,000 consumers and derive over 50 percent of gross revenue from the sale of personal data.
Consumer Rights
Consumers are provided multiple rights under VCDPA including:
Data Controller Responsibilities
VCDPA requires the controller to comply with a request by a consumer to exercise the consumer rights authorized pursuant to subsection A as follows:
VCDPA Enforcement and Civil Penalties
The Attorney General of Commonwealth shall have exclusive authority to enforce VCDPA privacy laws.
To avoid action by the Attorney General, the Controller or processor has 30 days from receipt of a written notice to cure any violation or alleged violation, and provide the Attorney General an express written statement that the alleged violations have been cured and that no further violations shall occur. If a controller or processor continues to violate provisions of VCDPA following the cure period or breaches an express written statement provided to the Attorney General, the Attorney General may initiate an action in the name of the Commonwealth and may seek an injunction to restrain any violations and civil penalties of up to $7,500 for each violation.
Additionally, the Attorney General may recover reasonable expenses incurred in investigating and preparing the case, including attorney fees.
CYTRIO is helping all organizations meet the burden of the Virginia Consumer Data Protection Act (VCDPA) with a comprehensive privacy rights management platform. Using CYTRIO, organizations can eliminate 80%+ of manual tasks required by Virginia CDPA, resulting in significant time and cost-saving, with VCDPA compliance response times and to reduce the risk of regulatory fines, all the while building consumer trust.
Using CYTRIO privacy compliance platform, organizations can operationalize and automate Privacy Right Management , enabling organizations to meet a complex set of VCDPA compliance requirements through a secure data request intake portal, identity verification, AI-driven private data
discovery, classification, identity correlation, data subject access request (DSAR) response orchestration, and detailed audit records. Learn more on CYTRIO’s NextGen Privacy Rights Management Solution.
Q1 2022 Research Report – 6,145 companies researched