Texas Data Privacy and Security Act (TDPSA)

Meet TDPSA requirements and achieve compliance

  • Achieve a TDPSA-compliant online presence for your website or app
  • Minimize data protection risks and associated fines and penalties
  • Document the collection, storage and use of personal data according to best practices
  • Benefit from privacy-compliant and autonomous solutions with us by implementing a CMP, with the highest possible opt-in rates
  • Turn compliance into real competitive advantage and delight your customers

Ask for a free initial consultation
Texas Map 2-2

The Texas Data Privacy and Security Act (TDPSA) came into force on July 1, 2024. However, the specific provisions providing for universal opt-out mechanisms for consumers will not take effect until January 1, 2025.

What is the Texas Data Privacy and Security Act (TDPSA)?

The Texas Data Privacy and Security Act (TDPSA) is a law that specifies how businesses must collect, use and process the personal information of Texas consumers. The purpose of the law is to protect the privacy and security of Texas consumers.

Who does the TDPSA apply to?

Under section 541.002 of the TDPSA, your business is required to comply with this law if it meets the following criteria:

Doing business in Texas

You do business in Texas or produce goods or services that are consumed by residents of the state.

Data trading

You process or sell personal data.

Company size

Your business is not classified as a small business under the U.S. Small Business Administration (SBA) definition, which means businesses with fewer than 500 employees must also comply with the law unless they do not sell sensitive personal information.

TDPSA compliance checklist for websites:

 

Check gelb
Check gelb
Check gelb

Make sure that your privacy policy is formulated in a clear and easy-to-understand privacy policy to adequately inform consumers.

Manage consumer consent through a cookie policy and offer opt-out options in a consent banner.

Process requests from consumers via Data Subject Access Requests (DSAR) and explicitly refer to this option in your privacy policy.

Achieve TDPSA compliance with DWC

Create a data protection policy

Develop a privacy policy that complies with all legal obligations set out in the legal text. Review and update your existing privacy policy regularly to ensure that it complies with the latest legal requirements.

  • Data categories and processing purposes: Clearly and comprehensibly list all categories of personal data that you collect, including any sensitive data. Explain in detail the purposes for which this data is processed.
  • Consumers' rights: Provide consumers with comprehensive information on how they can exercise their rights under data protection law, including the right to access, rectify and erase their data and the right to object to processing.
  • Data sharing with third parties: Be transparent about whether and what data is shared with third parties. Specify under what circumstances and for what purposes this transfer takes place and how the security of the data is guaranteed. 
Create a data protection policy

Implement a Consent Management Platform (CMP)

Use a Consent Management Platform (CMP) to effectively manage consumer consent. This tool supports you with automated data collection, management and storage, as well as compliance with various opt-in and opt-out obligations.

  • Comply with opt-in requirements: Use the CMP to obtain explicit consent before processing sensitive personal data and make the sale of sensitive or biometric data transparent.
  • Implement opt-out procedures: Incorporate opt-out capabilities into your CMP to give consumers control over the use of their data for targeted advertising, the sale of their personal data and certain profiling activities.
Implement a Consent Management Platform (CMP)

Add a DSAR form for consumer requests

Provide a Data Subject Access Request (DSAR) form on your website so that consumers can easily and directly request access to their personal data. This allows consumers to actively exercise their data protection rights.

  • Improve accessibility: Post the DSAR form in a prominent location on your website to ensure it is easy to find for all users.
  • Offer alternative contact methods: In addition to the online form, a specific email address should also be provided for consumers to submit their privacy inquiries.
  • Inform consumers: Use consent banners and cookie policies to educate consumers about their rights and how to submit DSAR requests.
Add a DSAR form for consumer requests

Meet all TDPSA requirements with a Consent Management Platform (CMP)

What consumer rights apply under TDPSA?

Recht auf Auskunft

Right to information

Consumers have the right to check whether a company is processing their personal data. They also have access to this data in order to view its use and processing.

Recht auf Zugang

Right of access

Consumers can request access to their personal data stored by a company. This enables them to check the completeness and accuracy of the data.

Recht auf Löschung-1

Right to correction & deletion

Consumers have the right to have inaccurate or outdated personal data corrected. They can also request that a company deletes their data, provided there are no legal retention obligations to the contrary.

Recht auf opt out

Right to opt-out

Consumers have the right to prohibit the sale of their personal data. They can also refuse targeted advertising and object to the use of their data for significant decisions based on automated profiling.

We implement the Usercentrics CMP for you

The implementation of a Consent Management Platform (CMP) offers companies numerous advantages when handling personal data and helps them to comply with the TDPSA. A CMP enables the efficient and legally compliant management of user consent. It not only improves the transparency and understanding of data processing processes for users by providing clear information about opt-ins and opt-outs, but also optimizes the user experience and strengthens their trust. In addition, automating the consent process with a CMP saves time and reduces errors. 

As data protection and digital analytics experts, we offer companies the implementation and configuration of the Consent Management Platform (CMP) from Usercentrics, the leading provider in Europe. Our expertise in data protection and digital analytics enables us to provide a customized solution that not only meets legal requirements, but also offers the highest opt-in rates and is optimally tailored to the specific needs and processes of your company.

We implement the Usercentrics CMP for you

Your benefits of the Usercentrics Consent Management Platform (CMP)

Central consent management

Using a CMP makes it possible to manage all data protection requirements clearly in one place. This helps to maintain an overview and ensure that all processes comply with the requirements.

Global data protection

Usercentrics' CMP enables you to efficiently fulfill data protection requirements in multiple states or countries. With this platform, you can ensure compliance with various data protection laws worldwide by addressing the specific requirements for consumers in the respective regions.

Seamless integration

The CMP from Usercentrics is characterized by its easy integration into common content management systems (CMS) and website builder platforms. In addition, the platform can be extensively customized to your specific requirements to ensure optimal functionality and user-friendliness.

Benefit from our expertise in Consent & Data Management

400+
Projects
80+
Customers
25+
Sectors
15+
Countries
TDPSA Checkliste Cover EN

Download our free checklist for achieving TDPSA compliance