Recently, Governor Northam of Virginia signed into law the Virginia Consumer Data Protection Act (CDPA). This is the second major privacy act in the United States following California’s CCPA that went into effect last year. We at weForms want to keep you informed about what this means for you and your website/business, so we have gathered some information to help you understand and how to make sure you are compliant.
What is the CDPA?
CDPA is a new consumer privacy law that is meant to protect Virginian’s personal information. The CDPA applies to businesses that process personal information of over 100,000 consumers that are Virginia residents. Additionally, the CDPA also applies to businesses that process the data of at least 25,000 Virginia residents along with making more than 50% of its revenue from the sale of personal information.
The CDPA requires you to have the means to allow customers to request to view, edit, delete and receive an export of their personal information that has been processed by you. Additionally, it would require that you let customers opt-out of certain disclosures of personal information to third parties.
How Does the CDPA Affect Me?
If you are using weForms WordPress contact form, chances are you are collecting what may be considered personal information. If your form is collecting something as simple as a name or email address, you would fall under the requirements of the CDPA. This means that a customer can ask you to correct, delete, or provide a copy of their personal data.
Failure to do so could result in significant financial penalties for you or your business. For most businesses in 2021, a significant fine could cost you your company. There is a 30-day period in which you can remedy violations, however, it is best to future-proof your data collection to avoid additional stress.
What Do I Need To Do to Comply?
We have covered a lot so far, between what the CDPA is and what happens when you do not comply. While it is a lot of information, we do have some good news. Firstly, you have until 2023 to make sure you are in compliance. Secondly, this follows in the footsteps of the CCPA and if you are in compliance with that, you will often have most of what you need in place for the CDPA. Thirdly, weForms has the tools and partners to help you get to compliance.
An easy start to CDPA compliance is to create new pages to utilize our Data Erasure and Export Request form templates. These pages will be the spot where users can request you to delete or export the data. weForms already has built-in tools to comply with these requests as well.
Another step is to review security procedures around data. Make sure that you only ask for what you need, that your data is well protected, and only those who require access to the data can get it.
Organizing procedures and processing requests through weForms is easy, but what about the more difficult aspects of compliance? For example, you will need to make sure you have the appropriate disclosures on your site. Without the help of a lawyer, you may find this to be a difficult task. Fortunately, our friends at Termageddon have your back.
Termageddon is a service that both creates and maintains privacy policies for your websites. They assist in keeping you in compliance by regularly reviewing legal changes across the country (such as Virginia’s CDPA) and updating legal language as needed. Termageddon assists your business with compliance by helping:
- Reduce the risk of fines and lawsuits
- Limit the liability in regards to your data policy
- Protect intellectual property
- Reassure your customers and site visitors of your legitimacy
Get a License Today
Termageddon is a great tool to have to get you compliant with the CDPA and any future legislation. To start the process, register and get your license from Termageddon. We worked with Termageddon to save you 10% off your license purchase when you use the code WEFORMS. After you are registered, you’ll need to answer a few questions to best tailor the privacy to your business and website. It is as easy as that!