What is VCDPA?

VCDPA is the state data privacy act of Virginia. It was the second US state privacy law to come into effect and shares many similarities with the CCPA, its more famous counterpart.

It applies only to companies that conduct business in Virginia or cater to Virginia residents and if:

  • They handle or process the personal data of a minimum of 100,000 users.

  • They handle or use the personal information of at least 25,000 consumers and generate more than 50% of your gross income from selling personal data.

Unlike other US states’ privacy laws, it does not prescribe a gross revenue in a calendar year threshold.

The VCDPA grants consumers the rights to know, access, delete, data portability, rectify, and opt out of the sale of personal information.

Businesses must serve consumers with a privacy notice, process only the minimum data necessary for the specified purposes in the privacy notice, and allow them to opt out of the sale of data. Moreover, businesses must ensure that the data is confidential by implementing adequate security measures to prevent unauthorized access.

MergeBase and VCDPA

Even though the VCDPA does not apply to us at the moment because we do not meet the thresholds, it doesn’t change anything in our operations or demand anything beyond what we currently provide. We strive for the highest data security and privacy standards even when the laws require less from us.

How Can MergeBase Help You Comply with the VCDPA?

The VCDPA grants flexibility in defining “appropriate safeguards,” empowering you to tailor security measures to your organization’s needs.

At MergeBase, we recognize this freedom comes with responsibility. We’re here to empower you with the tools and expertise to build a robust and exemplary data security posture that surpasses mere compliance.

Our comprehensive approach includes:

  • Proactive risk identification meaning that we go beyond the surface, pinpointing potential vulnerabilities and threats lurking within your systems.
  • Enhanced threat detection and response, which means that we fortify your defenses with advanced systems that swiftly identify and neutralize cyber threats.
  • Simplifying the compliance process, ensuring you stay ahead of VCDPA regulations.

With MergeBase as your partner, you can:

  • Achieve and maintain VCDPA compliance with confidence.
  • Foster a culture of data security within your organization.
  • Minimize the risk of data breaches and cyberattacks.
  • Build trust and transparency with your customers.