The Delaware Personal Data Privacy Act (DPDPA) takes effect January 1, 2025. Delaware generally followed the Connecticut model, but has some unique terms. We provide a non-exhaustive list of some of Delaware’s requirements here.
A lower threshold for application; no categorical exemption for all nonprofits. The DPDPA applies to organizations that control or process personal data of 35,000 or more Delaware residents in a given year or organizations that control or process personal data of 10,000 or more Delaware residents and derive more than 20% of their gross revenue from the sale of personal data. Like states other than California, the DPDPA will only apply to personal data processed for a personal or household purpose (i.e., not in the employment context or in a commercial context).
