Skip to main content

They Ask, You Answer Mastery

A coaching & training program that drives unmatched sales & marketing results.


Sales Performance Mastery

Improve the competencies and close rates of your sales organization.

Web design

Website Mastery

Web design, development & training for your team.


HubSpot Mastery

Everything you need to get the most from HubSpot.

AI Mastery

AI Enablement Mastery

Unlock the power of AI in all aspects of your revenue operations.

Discover how IMPACT’s services can help take your business to the next level. Book a free 30-minute coaching session Book a free 30-minute coaching session
Learning Center
Learning Center

Learning Center

Free resources to help you improve the way you market, sell and grow your business.

[NEW] The Endless Customers Podcast is now available everywhere. Learn how to earn trust & win more customers in the age of AI. Listen Now Listen Now

Free: Assessment Does your website build trust with buyers and bring in revenue?


Free: Assessment

Does your website build trust with buyers and bring in revenue?
Take this free 6 question assessment and learn how your website can start living up to its potential.
Liz Murphy

By Liz Murphy

Mar 8, 2021


Web Design Data Security Executives and Leaders
Join 40,000+ sales and marketing pros who receive our weekly newsletter.

Get the most relevant, actionable digital sales and marketing insights you need to make smarter decisions faster... all in under five minutes.

Thanks, stay tuned for our upcoming edition.
Web Design  |   Data Security  |   Executives and Leaders

Virginia Consumer Data Protection Act (VCDPA) is now law, but so what?

Liz Murphy

By Liz Murphy

Mar 8, 2021

Virginia Consumer Data Protection Act (VCDPA) is now law, but so what?

Attention business owners with websites... which, is pretty much all of you.

In a surprise to absolutely no one, yet another state has rolled out a data privacy law – and this time it's the Commonwealth of Virginia. Following in the footsteps of its legislative predecessors (e.g. California's CCPA), Virginia's Senate Bill 1392 is centered around the singular goal of protecting consumer data:

"It is time that we find a meaningful way of protecting the citizens of the Commonwealth of Virginia’s data .… Virginia is in a unique position to be a leader on this issue. There’s a huge amount of the data on the internet that flows through the commonwealth. Privacy is not a new issue."

– State Senator David Marsden

Although signed into law on March 3, this will not take effect until January 1, 2023

Is your company affected by the VCDPA?

This new law applies to you if you do business in Virginia, or if you sell products or services that target residents of the Commonwealth and:

  1. You process or control data for 100,000 or more residents of Virginia, or
  2. You process or control data for 25,000 or more residents of Virginia and earn 50% revenue (gross) from the sale of personal data.

Exemptions include organizations subject to HIPAA, higher education, and nonprofits, as well as financial institutions or data subject to the Gramm-Leach-Bliley Act.

🔎 Related: GDPR and data privacy one year later, what we've learned so far

How are 'personal data' and 'processing' defined in the VCDPA?

"Personal data" is defined generally as "any information that is linked or reasonably linkable to an identified or identifiable natural person. [It] does not include de-identified data or publicly available information."

🔎 Related: Google releases new security controls for Chrome users

"Process" and "processing" are defined as "any operation or set of operations performed, whether by manual or automated means, on personal data or on sets of personal data, such as the collection, use, storage, disclosure, analysis, deletion, or modification of personal data."

What rights do your Virginia buyers have under this new law?

  • Choosing whether or not their personal data is accessed and/or processed
  • Correcting errors in personal data
  • Deleting personal data
  • Obtaining a copy of personal data in a portable, ready-to-use (if possible) format, so it can be transferred to another "controller"
  • Opting out of processing personal data for the purposes of targeted advertising, the sale of personal data, or any other profiling 

Additionally, your buyers in Virginia will have the right to have you respond within 45 days to any requests regarding their privacy rights. This is why you've got such a big heads up that this is going into effect, folks – "the time to hesitate is through," etc.

Also, "controllers" (that's you, if you fall under the scope of this bill) will have data protection assessment obligations – if you're familiar with GDPR, you've definitely heard of these before

Now is the time to update and streamline your processes.

🔎 Related: Your visitors will see your forms aren't secure with new Google update

What will you now need to disclose in your privacy policy to be VCDPA-compliant?

If you're subject to this new law, here is what you now need to include in your privacy policy disclosure:

  • Personal data categories you process
  • Your specific reasons for processing that data
  • How your buyers can exercise their privacy rights (including the appeals process)
  • At least one secure avenue for buyers to exercise those rights
  • What data (if any) that you share with third-party entities
  • If you do (or don't) sell data for advertising targeting
  • How consumers can opt out of processing for targeted ads

🔎 Related: If COVID-19 forced your business online, update your privacy policy

OK, so what does this all mean for you?

Well, in addition to the obvious – updating your privacy policy, and implementing new processes and procedures to support consumer privacy-related requests – IMPACT Director of Community and Events Stephanie Baiocchi had this to say...

(Tools recommended below and links therein may provide IMPACT with compensation for signups. This in no way affects IMPACT's recommendation of the tools.)

"As individual states continue to roll out their own privacy laws (California, Nevada, Virginia, and more), it can start to feel overwhelming to keep track of all the compliance requirements.

However, the ultimate goal of all of these laws is very similar: to protect consumers’ data.While each law may have unique compliance requirements, all of the privacy laws in the United States are focused on protecting consumers’ personal data through a combination of disclosures and practices.

Just like you know inherently not to buy lists of emails and bulk email them without the recipients’ permission, you know not to take consumer data without permission or use it wrongly. Or, throughout the rollouts of these laws, you will learn.

It’s usually a combination of explicitly communicating what data you’ll be using and how, allowing consumers to obtain and request deletion of this data, and allowing consumers to opt out of their personal data being used moving forward.

Using a tool like Termageddon can help keep your privacy policy updated automatically when laws change. However, you do still need to make sure someone is responsible for making sure your data practices actually change when required.

Granted, this law won’t fully go into effect until January 1st, 2023. But if you can get on top of these changes as they roll out you’ll be less likely to forget or miss the date in the future. It’s very important someone at your organization (or an external consultant) owns making sure privacy laws are followed. Not only will it build trust with your audience but it will save you from incurring hefty fines."

Stephanie's right about the fines, by the way. According to the VCDPA, violators will be subject to (up to) a $7,500 fine per violation. 

Even if you're not in Virginia, if you haven't been paying attention to data privacy legislation up to this point, now is the time. Florida, Minnesota, New York, Oklahoma, and Washington all have similar bills working their way through state legislatures.

Free: Assessment

Does your website build trust with buyers and bring in revenue?
Take this free 6 question assessment and learn how your website can start living up to its potential.

Related Articles

20 Value Proposition Examples that Every Marketer Can Learn From in 2024

January 18, 2024
John Becker John Becker

HubSpot vs WordPress: Which is Better for Your Business Website?

January 11, 2024
Vin Gaeta Vin Gaeta

5 Examples of Companies with Great Multi-Brand Websites

January 7, 2024
John Becker John Becker

Website Conversions in 2024 — STOP, START, KEEP

December 25, 2023
Vin Gaeta Vin Gaeta

10 Pricing Page Examples for Business Websites (Updated for 2024)

November 30, 2023
Connor DeLaney Connor DeLaney

The Hidden Costs of a Cheap Website

November 29, 2023
Vin Gaeta Vin Gaeta

The Website Experience Your Customers Are Yearning For

November 27, 2023
Mary Brown Mary Brown

10 Examples of Company Profile Pages to Inspire Yours

November 22, 2023
John Becker John Becker

Is It Time for an AI-powered Chatbot on Your Website?

November 21, 2023
Will Smith Will Smith

Think of Your Business as ‘E-Commerce’ — No Matter What You Sell

November 15, 2023
John Becker John Becker

8 of the Best Business Website Designs to Inspire You in 2024

November 1, 2023
John Becker John Becker

Your Website in 2024: The Future of Trends, Tech, and Traffic

November 1, 2023
Vin Gaeta Vin Gaeta

Create Better Website Videos by Avoiding These 3 Mistakes

October 25, 2023
Lindsey Schmidt Lindsey Schmidt

4 Ways To Recession-proof Your Website In 2024

October 22, 2023
Marcus Sheridan Marcus Sheridan

Business Leaders: Do You ‘Own’ Your Own Website?

October 16, 2023
Mary Brown Mary Brown

8 Best Content Management Systems for Digital Marketing in 2024

October 1, 2023
Ramona Sukhraj Ramona Sukhraj

Can I Use AI Tools To Build My New Website?

September 18, 2023
Vin Gaeta Vin Gaeta

What Is a 'Learning Center' and Why Does My Website Need One?

September 14, 2023
John Becker John Becker

What Does a Great Inbound Marketing Website Look Like in 2024?

August 8, 2023
Ramona Sukhraj Ramona Sukhraj

How Much Does a Website Redesign Cost in 2024?

July 20, 2023
Vin Gaeta Vin Gaeta

Do You Need a New Website? Maybe Not

July 19, 2023
Vin Gaeta Vin Gaeta

14 Award-Winning Website Designs (& What They Did Right)

July 17, 2023
Christine Austin Christine Austin

What a New Self-Selection Tool for Your Website Will Cost

July 13, 2023
John Becker John Becker

9 Self-Service Tools to Inspire Your Business Website

July 10, 2023
John Becker John Becker

Your Website Strategy Must Include These 6 Things

March 20, 2023
Mary Brown Mary Brown