Simplify Compliance: Leverage Consentmo to Meet VCDPA and CPRA Regulations for Your Shopify Store
As a business owner, it can be challenging to navigate the complex and ever-changing landscape of data privacy laws. It can be overwhelming to understand the specific requirements of each law, especially when you don’t have a dedicated legal team or expertise in the field. Moreover, the consequences of non-compliance can be significant, including heavy fines and reputational damage.
Two of these new and updated laws are the VCDPA and the CPRA. The Virginia Consumer Data Protection Act (VCDPA) and The California Privacy Rights Act (CPRA) apply to businesses that collect and process the personal data of Virginia and California residents and meet specific revenue or data processing thresholds.
So, how can you be compliant with the VCDPA and CPRA with the Consentmo app? Read on to find out.
What's new in The California Privacy Rights Act
The California Privacy Rights Act (CPRA) is a privacy law that went into effect on January 1, 2023. It builds upon and strengthens the California Consumer Privacy Act (CCPA), which was enacted in 2018. The CPRA grants California consumers new rights and protections with respect to their personal information, including the right to opt-out of the sale of their personal information and the right to request that their personal information be deleted.
The CCPA and the CPRA apply to businesses that do business in California, regardless of size. The CPRA expands the CCPA's coverage to businesses that meet one or more of the following criteria:
- Have annual gross revenues in excess of $25 million;
- Buy, sell, or receive for the business's commercial purposes the personal information of 50,000 or more consumers, households, or devices;
- Derive 50% or more of their annual revenues from selling consumers' personal information.
For more information on that, you can check out our extensive blog post on the topic: Navigating California's new Privacy Regulations: CCPA and CPRA explained.
What is The Virginia Consumer Data Protection Act
The Virginia Consumer Data Protection Act (VCDPA) was signed into law in March 2021 and went into effect on January 1, 2023.
Under this law, consumers have the right to know what personal data is being collected about them, the purpose of the collection, and who the data is shared with. Consumers also have the right to request that their personal data be deleted or corrected and to opt out of selling their personal data to third parties.
Like GDPR, the VCDPA has significant financial penalties for non-compliance, including fines of up to $7,500 per violation. Therefore, it's essential for businesses that collect and process Virginia residents' data to ensure they comply with the law to avoid potential penalties and reputational harm.
Why are the VCDPA and CPRA important for shop owners
Ensuring compliance with VCDPA and CPRA can benefit your business in many ways. Firstly, it can help you avoid potential legal and financial penalties. Secondly, it can enhance your reputation as a trustworthy and responsible business. And finally, it can increase customer loyalty and trust, leading to more sales and revenue. According to a survey by Cisco, 81% of consumers are willing to share personal information with companies they trust, showing that privacy compliance is essential for building customer trust.
How the Consentmo app can help with VCDPA and CPRA compliance
We have worked hard to offer assistance to the merchants using our app with their VCDPA and CPRA compliance. So, here is how you can now protect the personal data of Virginia and California residents with the Consentmo app.
The Quick Setup
Landing on the Quick Setup after installation, you will notice an update in the Region settings. Now, you can select GDPR and LGPD laws separately and instead of only CCPA, we now have the CCPA-CPRA option, made to reflect the updates in compliance laws in California. The last important change is indeed, the addition of the VCDPA button. We further improved this section, separating and adding laws, so users can pick the specific region/s they wish to enable the Cookie bar from the beginning.
With these changes in the Quick Setup, you can configure your shop's compliance to cover the state of Virginia and California from the initial configuration.
The Enable For Specific Regions setting
After finishing the Quick setup you will be forwarded to Global Settings tab, where you will find the Enable For Specific Regions option. In this setting, all of the compliance laws can be selected individually, including the updated Enable for California Visitors (CCPA-CPRA) and the new Enable for Virginia Visitors (VCDPA) options. There, you can enable the Cookie bar and Preferences popup for any region you need. Premium users can also take advantage of the Enable For All Countries option, in order to show the Cookie bar everywhere in the world.
The View Compliance Pages section
We have made a brand new section in the Global Settings tab - the View Compliance pages section. From this new section, you will be able to access all compliance pages, including the new VCDPA and CCPA-CPRA Compliance pages.
The CCPA-CPRA Compliance page
It resembles the CCPA Compliance page, with the difference that there is a new field that gives your store visitors the option to limit the use of their sensitive personal information.
The Records tab
It has a brand-new look. Our premium users will now have the opportunity to filter through their Data Subject Requests by law. With this option, users have access to filters for all available laws - GDPR, LGPD, CCPA-CPRA, VCDPA, PIPEDA, APPI. That way, you can select to view and then export by category.
Practical tips for VCDPA compliance
Here we have compiled three practical tips to help ensure your Shopify store is compliant with the VCDPA:
- Use a compliance app in Shopify: The easiest and most effective way to ensure VCDPA compliance is to use an app in Shopify. These apps help automate the compliance process, including providing cookie banners, consent management, and privacy policy generation. Look for apps that also offer compliance with VCDPA and have a good track record of customer satisfaction.
- Understand the data you collect: It’s essential to understand the type of data you collect and how it’s used. Perform a data audit to identify the personal data you collect and ensure you have a legal basis for processing it. Also, update your privacy policy to reflect the specific requirements of the VCDPA.
- Train your team: Make sure everyone on your team is aware of the VCDPA compliance requirements. Provide training on how to handle personal data, including how to obtain consent and manage data subject requests.
Conclusion
Ensuring compliance is essential for any Shopify business that collects personal data. By using a professional app from the Shopify store, understanding the data you collect, and training your team, you can guarantee compliance and avoid potential legal and financial penalties. With Consentmo app, the process is even more straightforward and efficient.
If you have any specific questions do not hesitate to contact us via chat or email, or simply check our FAQ page.