📍 Virginia

VCDPA VCDPA Compliance Checker

Virginia's privacy law went live in 2023. Most SaaS companies qualify. Is your website ready?

EffectiveJanuary 1, 2023

EnforcementVirginia Attorney General (no private right of action)

Overview

What is the Virginia Consumer Data Protection Act?

The Virginia Consumer Data Protection Act (VCDPA) grants Virginia residents rights to access, correct, delete, and opt out of the processing of their personal data. Unlike CCPA, there is no private right of action — but AG enforcement penalties are steep and the cure period has been eliminated.

Who Must Comply

Does VCDPA apply to your business?

Your business must comply with VCDPA if it meets any one of the following criteria:

Applies if you:

Controls or processes personal data of 100,000+ Virginia consumers per year
Controls or processes personal data of 25,000+ consumers and derives 50%+ revenue from selling personal data

Penalties

VCDPA fines & enforcement

Non-compliance can result in enforcement actions and civil penalties. There is no de minimis exception.

Civil penalty per violation Up to $7,500

Enforcement Virginia Attorney General

Private right of action None

Cure period 30 days (expires 2026)

Requirements

Key VCDPA compliance requirements

These are the core technical and operational requirements most SaaS websites need to address:

✓ Publish a privacy notice disclosing categories of data collected and purpose
✓ Honor consumer rights: access, correction, deletion, portability
✓ Allow consumers to opt out of targeted advertising and data sales
✓ Conduct data protection assessments for high-risk processing
✓ Obtain consent before processing sensitive personal data
✓ Implement reasonable data security practices
✓ Respond to consumer requests within 45 days

How Precept Helps

Automated VCDPA compliance scanning

Precept scans your website in seconds and identifies specific VCDPA compliance gaps — so you know exactly what to fix.

🔍

Privacy Policy Detection

Checks if your privacy policy exists, is reachable, and mentions VCDPA-required disclosures.

🍪

Cookie Consent Audit

Detects cookie banners, consent mechanisms, and opt-out flows required under VCDPA.

📡

Tracker Inventory

Maps third-party trackers, pixels, and analytics loading on your pages — the data you're implicitly collecting.

📋

Findings Report

Every gap comes with a severity rating, plain-English explanation, and a specific fix recommendation.

Find your VCDPA compliance gaps now

Free scan. No account required. Results in under 60 seconds.

Scan my website → View plans