How many controls does Virginia Consumer Data Protection Act have?

Virginia Consumer Data Protection Act contains 12 controls organized across 5 domains.

Where does Virginia Consumer Data Protection Act apply?

Virginia Consumer Data Protection Act is applicable in United States — Virginia. Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.

What frameworks does Virginia Consumer Data Protection Act map to?

Virginia Consumer Data Protection Act has control-to-control mappings with 710 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.

How do I get started with Virginia Consumer Data Protection Act compliance?

Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.

Virginia Consumer Data Protection Act (VCDPA)

The Virginia Consumer Data Protection Act (effective January 1, 2023) is a comprehensive consumer privacy law establishing rights for Virginia residents and obligations for businesses. It applies to persons conducting business in Virginia or producing products/services targeted to Virginia residents that control or process personal data of at least 100,000 consumers annually, or 25,000 consumers while deriving over 50% of gross revenue from sale of personal data..

Domains

Enforcement (§59.1-584–585)

Data Protection Assessments (§59.1-580)

Controller Responsibilities (§59.1-578)

Consumer Rights (§59.1-577)

Definitions and Applicability (§59.1-575–576)

Frequently Asked Questions

Map Virginia Consumer Data Protection Act (VCDPA) to any other framework

Use our AI-powered compliance platform to find control overlaps, gaps, and build remediation plans in seconds.

Try Free on Compliance Platform