One framework for US data privacy
US data privacy laws are fragmented and constantly changing. Vanta’s US Data Privacy (USDP) framework helps you comply with state-level consumer privacy laws through one unified set of controls, so you can scale confidently across the US.
The Agentic Trust Platform powering security for over [customer_count] customers
Unify state privacy laws
Vanta’s USDP framework replaces state-by-state compliance with one comprehensive control set. Do the work once and satisfy overlapping requirements across 19 state laws including CCPA/CPRA, VCDPA, and CPA.
Vanta supports 19 state privacy laws including CA, CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, and VA.
Connect privacy practices to USDP
Manage your processing activity in a live Data Inventory, connect your ROPAs, and DPIAs in one place—so every processing activity is structured, linked, and continuously validated. When systems, vendors, or AI workflows change, your GDPR posture updates with them.
Protect consumer data continuously
Move beyond point-in-time checks with continuous monitoring. Vanta alerts you to failing controls and non-compliant employees in real time, helping you protect consumer data and your brand.
Framework mapping
Reuse work across GDPR, NIST 800-171, HIPAA, and more. See how much of each framework you’ve already covered so you can plan what’s next and move faster.
GDPR
Protect EU personal data and comply with GDPR, including support for the EU–US Data Privacy Framework.
NIST 800-171
Protect controlled unclassified information (CUI) when working with the U.S. government or its contractors.
HIPAA
Secure protected health information (PHI) to meet U.S. regulatory requirements for healthcare providers and vendors.
Additional features
ROPA management
Create and maintain GDPR-required Records of Processing Activities in Vanta by documenting purposes, data categories, legal bases, and processors in one place.
Access reviews
Ensure only approved users can access systems that handle consumer data with automated access reviews and continuous checks.
Security awareness training
Run built-in privacy and security training to reduce human risk and meet workforce requirements across frameworks.
Data inventory
Centralize a living record of the personal data you collect, where it lives, and who owns it, so privacy teams have a clear, auditable view across systems and teams.
AI-powered compliance
Work smarter with automatic control mapping, policy importing and summaries, proactive SLA remediation, and an interactive policy chatbot.
DPIAs Privacy training
Create impact assessments with instant risk predictions and tie directly to processing activity in Vanta’s Data Inventory, and your ROPA.
“
Privacy can quickly become a massive manual overhead. Vanta integrates our core privacy workflows directly into our broader security ecosystem. Centralising these processes does more than just check a box; it strengthens our entire risk posture. Having that single source of truth gives us actual clarity on how we're performing.”
Learn more about USDP
The US Data Privacy Checklist
US Data Privacy (USDP) is an exclusive consumer data privacy framework available only from Vanta. USDP provides one comprehensive set of controls that gets you compliant with all current US state-level privacy laws – CCPA/CPRA, CPA, CTDPA, UCPA, and VCDPA.
Your essential 10-step GDPR compliance checklist
An actionable GDPR compliance checklist that will help you adhere to the relevant data protection requirements.
GDPR compliance for US companies: Step-by-step guide
Learn how GDPR impacts US organizations and what it takes to achieve compliance.
FAQ
Yes. Vanta’s USDP framework brings all state control sets together into one control set that is updated as laws evolve. States currently included are:
- California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
- Colorado Privacy Act (CPA)
- Connecticut Data Privacy Act (CTDPA)
- Delaware Personal Data Privacy Act (DPDPA)
- Indiana Consumer Data Protection Act (ICDPA)
- Iowa Consumer Data Protection Act (ICDPA)
- Kentucky Consumer Data Protection Act (KCDPA)
- Maryland Online Data Privacy Act of 2024 (MODPA)
- Minnesota Consumer Data Privacy Act (MCDPA)
- Montana Consumer Data Privacy Act (MTCDPA)
- Nebraska Data Privacy Act (NDPA)
- New Hampshire Data Privacy Act (NH DPA)
- New Jersey Data Protection Act (NJDPA)
- Oregon Consumer Privacy Act (OCPA)
- Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)
- Tennessee Information Protection Act (TIPA)
- Texas Data Privacy and Security Act (TDPSA)
- Utah Consumer Privacy Act (UCPA)
- Virginia Consumer Data Protection Act (VCDPA)
USDP is an evergreen framework. We add new state requirements as they’re enacted and alert you to changes, so you stay ahead.
Yes. Our templates are built by Vanta’s privacy and compliance experts and designed to be customized. We recommend having your legal counsel review them for your use case.
Yes. US state laws and GDPR are separate. If your business meets a state’s thresholds, you’ll need to comply with that law too. Vanta maps overlaps to help minimize duplicate work.
It typically takes 40–80 hours to implement core USDP controls. Your timeline will vary based on scope, data flows, and existing controls. Vanta’s automation and mapping help speed things up.
In Vanta you can upload existing ROPAs, manage processing activity live in a data inventory. Link your processing activity directly to DPIAs and connect privacy requirements back to tests and controls for GDPR.
