What is Virginia Consumer Data Protection Act (CDPA) ?
The Virginia Consumer Data Protection Act (CDPA) law goes into effect on January 1, 2023. The law applies only to businesses with large amounts of consumer data and does not apply to employee or business-to-business (B2B) data. The CDPA also provides broad exemptions, including for financial institutions subject to the Gramm-Leach-Bliley Act (GLBA) and covered entities and business associates subject to the Health Insurance Portability and Accountability Act (HIPAA). Broad in scope, the CDPA incorporates aspects of the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the EU General Data Protection Regulation (GDPR). Below are outlined some key aspects of the CDPA and have compared it to these other comprehensive privacy laws. Who Must Comply with the CDPA? Businesses are subject to the CDPA if both of the following criteria are met: They either conduct business in Virginia or produce products or services that are targeted to Virginia residents, an