Delaware Personal Data Privacy Law to Arrive in January 2025

Delaware’s incoming DPDPA law applies to any business that operates in the state, or equally processes the personal data of more than 35,000 Delaware consumers. And for businesses that make more than 20% of their gross annual income from the sale of personal data, this threshold drops down to 10,000 Delaware consumers.

However, businesses have ample time to prepare. The law does not take effect until January 1st, 2025, and the Department of Justice will also carry out a state-wide public awareness campaign in the six months preceding its enactment.

This will firstly provide Delaware’s internet users with information about their rights under the law. And secondly, it will also inform businesses about their new legal obligations.

The department also plans to hire more staff to better educate the public about their rights. It additionally needs this extra manpower to effectively enforce the law and hold businesses accountable once the law comes into force.

The objective of the Delaware Personal Data Privacy law is to give Delaware’s consumers more control over the personal information that companies collect on them.

 “Delawareans haven’t had the right to even access who has their information, how much information they have on you individually, and also, if there is something wrong with that information, to correct it. But most importantly, to even delete the information.”

- Bill sponsor State Representative Krista Griffith

Businesses that fall under the scope of the DPDPA should start taking the necessary steps to meet these legal requirements. This may also include:

• Auditing data collection and privacy practices in relation to Delaware’s internet users
• Also creating an inventory of any historical personal data collected on these consumers
• Determining the type of data that your business will likely collect in the future
• Paying special attention to the personal data related to minors
• Ensuring your business can also respond quickly to consumer data requests
• Working with a data privacy advisor to ensure full compliance with DPDPA

The DPDPA is another example of the global trend towards the protection of internet user personal data protection that started with GDPR in 2018. It also continues the philosophical shift that the US is undergoing with regard to data privacy, as it moves from a harm-prevention-based approach to one based on user rights as per GDPR (with real implications for digital marketers).

Put another way, it continues the standardization of strict data privacy standards around the EU model. And like Europe, Delaware’s data enforcement authority will also need time before it can effectively enforce data malpractice.

But given the ever-tightening regulatory framework protecting data privacy, businesses looking to meet their legal obligations should moreover move away from personal data collection as much as possible.

TWIPLA is privacy-by-design, and also complies with all data privacy requirements by default. And at this Maximum Data Privacy Mode, our website analytics platform collects no personal data whatsoever. This keeps your business above board and also your customer data safe.

We provide an all-in-one website intelligence solution, with website statistics also complemented by visitor behavior analytics graphicalization tools and direct visitor communication features.

With TWIPLA, you can start using the website statistics and behavior analytics tools in our free forever plan, and only upgrade to a paid plan once you achieve increasing visitor number thresholds.

Sign up today and identify exactly what you need to do for your website to meet targets.