VCDPA
Virginia Consumer Data Protection Act
Virginia, USA
In force since 2023
United States
Who must comply
Businesses that process data of 100,000+ Virginia consumers, or 25,000+ while deriving over half of revenue from selling data.
Penalties
Up to $7,500 per violation, enforced by the Virginia Attorney General.
Key obligations
- Offer opt-out of targeted ads, sale and profiling
- Get opt-in consent for sensitive data
- Honor consumer rights requests
- Provide a clear privacy notice
- Recognize universal opt-out signals
How ConsentX helps
Opt-out controls for targeted ads and sale
Opt-in gating for sensitive categories
Universal opt-out / GPC handling
DSAR workflow with evidence
Get VCDPA ready with ConsentX
This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.
How to comply with VCDPA using ConsentX
- 1
Scan your website
Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under VCDPA.
- 2
Show a geo-aware consent banner
Add the ConsentX banner. It detects each visitor region and shows the consent experience that VCDPA requires, automatically.
- 3
Block trackers until consent
Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.
- 4
Record tamper-evident proof
Every choice is stored as a tamper-evident consent receipt you can produce in a VCDPA audit.
- 5
Handle data requests on time
Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.
Frequently asked questions
Does VCDPA require opt-in for sensitive data?+
Yes. Processing sensitive personal data in Virginia requires the consumer's opt-in consent.
Can consumers opt out of targeted advertising?+
Yes, VCDPA gives a right to opt out of targeted advertising, sale and certain profiling.