Virginia Consumer Data Protection Act (VCDPA) Awareness Course

Coming Soon: March 2026 Delivery: 100% online Duration: 35-40 minutes Certificate on Completion

0:00

15,000+ learners across our course collection. Immediate access on launch. 14 day 100% money-back guarantee.

Virginia was the second US state to pass comprehensive privacy legislation - and its framework has become the template for most states that followed. Understanding the VCDPA isn't just about Virginia compliance; it's about understanding the baseline model for US state privacy law.

This course gives your team practical guidance on the Virginia Consumer Data Protection Act. We cover who the law applies to, what rights Virginia residents have, the stricter requirements for sensitive data, and what happens when things go wrong.

The VCDPA requires opt-in consent for sensitive data - stricter than California. It also provides a 30-day cure period before enforcement, but penalties can reach $7,500 per violation. No technical background required - just focused, practical training your team can apply immediately.

Why learn about the VCDPA?

Understand the template that 10+ other US states have followed
Know when opt-in consent is required for sensitive data
Handle consumer data requests correctly within required timeframes
Avoid penalties of up to $7,500 per violation
Understand the 2025 amendments strengthening children's data protections

Course features

Virginia-specific

Focused entirely on the VCDPA with Virginia-specific requirements, thresholds, and enforcement context.

Practical scenarios

Real-world examples and case studies showing how the VCDPA applies in everyday business situations.

2025 updates included

Covers the latest amendments including strengthened protections for children's data.

Official sources

Built from the Virginia Code and Attorney General guidance, with references to official documentation.

Learning with us

Course information

Learning outcomes

Understand when and how the VCDPA applies to your organisation
Know the rights Virginia residents have over their personal data
Recognise sensitive data and understand the opt-in consent requirement
Handle consumer data requests correctly within required timeframes
Understand enforcement, the cure period, and potential penalties

Training recommendations

All employees who handle customer data should complete this training.
Annual refresher training is recommended to stay current with amendments and enforcement trends.
Teams handling sensitive data or consumer requests may benefit from additional role-specific training.

This course is recommended for

Employees who handle customer data at organisations that conduct business in Virginia or target Virginia residents. This includes marketing, sales, customer service, HR, IT, and compliance teams.

Prerequisites

There are no prerequisites for this course. No legal or technical background is required.

What do I need for this course?

This course is 100% online and delivered through our online learning platform. Organisations can also access this content via their own LMS on request (SCORM format available).

Course content

Section 1: What Virginia's Privacy Law Means for You

In this section we introduce the Virginia Consumer Data Protection Act and explain why it matters for your organisation. We cover when the law applies, who it protects, and the key definitions you need to understand.

Lessons

Introduction to the VCDPA
Who the law applies to
Key definitions explained
Virginia residents and their rights

Section 2: What Customers Can Ask For

Virginia residents have specific rights over their personal data. In this section we cover what those rights are, how to recognise a valid request, and what your obligations are when you receive one.

Lessons

The right to know
The right to access and portability
The right to correct and delete
The right to opt out
Handling consumer requests

Section 3: Sensitive Data Needs Extra Care

The VCDPA requires opt-in consent before processing sensitive data - stricter than many other privacy laws. We explain what counts as sensitive data and how to handle it correctly.

Lessons

What is sensitive data under VCDPA?
The opt-in consent requirement
Children's data protections
Practical consent workflows

Section 4: Handling Data the Right Way

This section covers the operational requirements of the VCDPA including data minimisation, purpose limitation, security obligations, and working with third-party processors.

Lessons

Data minimisation principles
Purpose limitation
Security requirements
Processor contracts and obligations

Section 5: Common Mistakes and How to Avoid Them

Learn from real-world compliance failures and common pitfalls. We cover the mistakes organisations make most often and practical steps to avoid them.

Lessons

Dark patterns and deceptive design
Cookie consent mistakes
Incomplete privacy notices
Third-party data sharing issues

Section 6: What Happens If Things Go Wrong

Understand the enforcement landscape, the 30-day cure period, and what penalties look like. We also cover how to respond if you receive an investigation notice.

Lessons

Attorney General enforcement
The 30-day cure period
Penalties up to $7,500 per violation
No private right of action
Responding to investigations

Section 7: Assessment

Test your knowledge with scenario-based questions covering all the key VCDPA concepts from the course.

Lessons

Knowledge check (10 questions)

How it works

Step 1

Get notified

Sign up to be notified when this course launches. You'll be among the first to know and can start training your team immediately.

Step 2

Start learning

Each team member will have access to the learning materials and assessment. On completion of the course, team members will be issued with a certificate.

Step 3

Stay compliant

As the VCDPA evolves, we'll update the course. Trainees can review updated materials to stay current with enforcement trends and amendments.

What's included

Training

Distraction-free online learning platform
Scenario-based end of course assessment

Updates

Access to all course material updates and enhancements for the length of your access period

Certification

Certificate on completion

Course FAQs

Will I get a certificate?

Yes, on completion of the course you will be issued with a digital certificate. It will be issued by our team shortly after completion of the course including the end of course assessment. You can add this to your LinkedIn profile.

Who should take this course?

This course is designed for employees who handle customer data at organisations that may be subject to Virginia's privacy law. This includes marketing, sales, customer service, HR, and IT teams.

How is VCDPA different from GDPR?

While both laws protect personal data, there are key differences. VCDPA applies to Virginia residents and has different thresholds for applicability. It also provides a 30-day cure period before enforcement action, which GDPR does not. However, VCDPA requires opt-in consent for sensitive data, similar to GDPR's approach.

Does VCDPA apply to my organisation?

VCDPA applies to organisations that conduct business in Virginia or target Virginia residents, AND either: (a) control or process personal data of 100,000+ Virginia consumers, or (b) control or process data of 25,000+ Virginia consumers and derive 50%+ of gross revenue from selling personal data.

What are the penalties for non-compliance?

The Virginia Attorney General can impose civil penalties of up to $7,500 per violation. However, organisations have a 30-day period to cure any alleged violation before penalties apply. There is no private right of action, meaning individuals cannot sue directly.

Is there a money back guarantee?

Yes, we offer a 14-day 100% money-back guarantee. If you are not satisfied with the course for any reason, simply contact us within 14 days of purchase for a full refund.

How long does the course take?

The course typically takes 35-40 minutes to complete. You can pause and resume at any time, and your progress is automatically saved.