CDPA (Virginia Consumer Data Protection Act) goes live January 1, 2023. The law follows other high-profile data protection and privacy laws such as GDPR (General Data Protection Regulation) that went live on May 24, 2018, and CCPA (California Consumer Privacy Act) that went live on January 1, 2020.
While all of the laws have the same general intent to protect users' personal data, CDPA has a few unique requirements.
· CDPA grants users the right to view and obtain their personal data by the covered entity. GDPR allows users to request the data be deleted 'right to be forgotten,' and CCPA enables users to grant permission to sell their data. This will increases companies' obligations to allow users to view, edit, and delete personal data.
· CDPA also grants users the ability to opt-out of processing personal data for targeted advertising purposes. GDPR and CCPA do not cover this.
Virginia will give businesses that violate CDPA 30days to correct behavior before they are fined up to $7,500 per violation. Consumers cannot take legal action directly against a business. CDPA contains no private right of action.