Texas Privacy Law Compliance Readiness Calculator

Assess your organization's readiness to comply with the Texas Data Privacy and Security Act (TDPSA), effective July 1, 2024. Answer the questions below to receive a compliance readiness score and actionable guidance.

Section 1: Applicability & Scope

Does your organization conduct business in Texas or produce products/services targeted to Texas residents? Is your organization classified as a "small business" by the U.S. Small Business Administration (SBA)? Does your organization process personal data of Texas residents? Does your organization process sensitive data (racial/ethnic origin, health, biometric, geolocation, children's data, etc.)?

Section 2: Consumer Rights Mechanisms (0–5 pts each)

Right to Access: Can consumers confirm whether you process their data and request a copy? Right to Delete: Can consumers request deletion of their personal data? Right to Correct: Can consumers correct inaccurate personal data? Right to Data Portability: Can consumers obtain their data in a portable format? Right to Opt-Out: Can consumers opt out of sale of personal data, targeted advertising, and profiling? Appeal Process: Do you have a process for consumers to appeal denial of their rights requests within 60 days?

Section 3: Data Governance & Security (0–5 pts each)

Privacy Notice: Do you have a publicly accessible, TDPSA-compliant privacy notice? Data Inventory: Have you mapped and inventoried all personal data you collect and process? Data Processing Agreements: Do you have contracts with processors specifying TDPSA-required provisions? Security Program: Do you maintain reasonable administrative, technical, and physical data security practices? Data Protection Assessments (DPAs/PIAs): Do you conduct assessments for high-risk processing activities (targeted advertising, sale of data, sensitive data, profiling)? Sensitive Data Consent: Do you obtain explicit consent before processing sensitive data? Children's Data: Do you have safeguards for processing data of children under 13 (COPPA) and 13–17 (TDPSA)? Employee Training: Are employees trained on TDPSA obligations and data privacy practices?

Section 4: Response Readiness

Consumer Request Response: Can you respond to consumer rights requests within 45 days (extendable by 45 days)? Attorney General Cure Period: Are you prepared to cure violations within 30 days if notified by the Texas AG?

Formula & Scoring Methodology

Weighted Compliance Score (%) =

Compliance Score (%) = [ Σ (Field Score × Field Weight) / Σ (5 × Field Weight) ] × 100

Where:
  Field Score  = 0 (not implemented) | 1 (planned) | 3 (partial) | 5 (fully implemented)
  Field Weight = 0.8 – 1.2 based on regulatory criticality under TDPSA
  N/A fields   = treated as score of 5 (not applicable = no gap)

Weights assigned:
  1.2 × weight → Right to Opt-Out, Privacy Notice, Security Program (core TDPSA requirements)
  1.0 × weight → All other consumer rights and governance controls
  0.8 × weight → Appeal Process, Employee Training, AG Cure Readiness (supporting controls)

Rating Thresholds:

≥ 90% → Highly Compliant
75–89% → Substantially Compliant
55–74% → Partially Compliant
35–54% → Minimally Compliant
< 35% → Non-Compliant

Assumptions & References

Texas Data Privacy and Security Act (TDPSA), Tex. Bus. & Com. Code Ch. 541, effective July 1, 2024.
TDPSA applies to persons conducting business in Texas or targeting Texas residents who process personal data and are not classified as SBA small businesses (with limited exceptions).
Civil penalties up to $7,500 per violation enforced exclusively by the Texas Attorney General (no private right of action). TDPSA Sec. 541.152.
Controllers must respond to consumer rights requests within 45 days, extendable by an additional 45 days with notice. TDPSA Sec. 541.052.
The AG must provide a 30-day cure period before initiating enforcement action. TDPSA Sec. 541.154.
Sensitive data categories include racial/ethnic origin, religious beliefs, mental/physical health, sexual orientation, immigration status, biometric data, precise geolocation, and children's data. TDPSA Sec. 541.001(18).
Data Protection Assessments (DPAs) are required for targeted advertising, sale of personal data, sensitive data processing, and certain profiling activities. TDPSA Sec. 541.105.
SBA small business classification follows SBA size standards by NAICS code.
Scoring weights are assigned based on the relative regulatory emphasis and enforcement risk under TDPSA and comparable state privacy laws (CCPA, VCDPA, CPA).
This tool is for educational and planning purposes only and does not constitute legal advice. Consult qualified legal counsel for compliance determinations.

Texas Privacy Law Compliance Readiness Calculator

Section 1: Applicability & Scope

Section 2: Consumer Rights Mechanisms (0–5 pts each)

Section 3: Data Governance & Security (0–5 pts each)

Section 4: Response Readiness

Formula & Scoring Methodology

Assumptions & References

In the network

Network

Texas Privacy Law Compliance Readiness Calculator

Section 1: Applicability & Scope

Section 2: Consumer Rights Mechanisms (0–5 pts each)

Section 3: Data Governance & Security (0–5 pts each)

Section 4: Response Readiness

Formula & Scoring Methodology

Assumptions & References

More Calculators

In the network

Network