# [Manage privacy requirements of the Delaware Personal Data Protection Act (DPDPA)](https://usercentrics.com/dpdpa/) **Handle privacy notices, opt-outs, and cookie consent without disrupting analytics, ads, or revenue. Meet Delaware's privacy requirements with Usercentrics Consent Management Platform (CMP). More businesses need to comply than you might expect, with no minimum revenue threshold and a low consumer data volume trigger.** [Start free](https://usercentrics.com/free-trial/) · [Contact Sales](https://usercentrics.com/book-a-consultation/) --- ## What is the DPDPA? The Delaware Personal Data Protection Act (DPDPA) is a comprehensive consumer privacy law that took effect on January 1, 2025. It governs how businesses collect, process, share, and sell the personal data of Delaware residents, granting new rights to individuals and placing obligations on businesses that meet its thresholds. The DPDPA shares structural similarities with other U.S. state privacy laws, but stands out for its broad sensitive data definition and its protections for minors, including requirements for prior consent from teens for certain uses of their data. [Common DPDPA questions and answers](https://usercentrics.com/knowledge-hub/delaware-digital-personal-data-protection-act-dpdpa/) --- ## DPDPA at a glance - The Delaware Personal Data Protection Act (DPDPA) took effect on January 1, 2025. - Applies to: For-profit businesses that process personal data of at least 35,000 Delaware residents, or at least 10,000 Delaware residents if they derive more than 20 percent of gross revenue from the sale of personal data. - Delaware residents have rights of access and disclosure; correction; deletion; portability; opt-out of data sales, targeted advertising, or certain types of profiling; and non-discrimination. - Businesses must provide clear privacy notices and respond to consumer rights requests within 45 days. - Enforcement: Delaware Attorney General, civil penalties for violations. - Cure period: The Department of Justice can provide a cure period at its discretion, but there is no longer a right to cure. --- ## What does the DPDPA require from businesses? The DPDPA applies to for-profit organizations that process personal data of at least 35,000 Delaware consumers per year, or at least 10,000 while deriving more than 20 percent of gross revenue from selling personal data. Covered businesses must provide a clear privacy notice explaining how personal data is collected, used, shared, or sold, and offer opt-out mechanisms for data sales, targeted advertising, and certain profiling. Affirmative opt-in consent is required before processing sensitive personal data, including the personal data of known children. Businesses must also respond to consumer rights requests within 45 days (extendable by a further 45 when reasonably necessary), conduct Data Protection Assessments before higher-risk processing activities such as data sales, targeted advertising, or profiling (if they process the personal data of 100,000 or more consumers), and implement reasonable security measures throughout the data lifecycle. --- ## What are the risks of ignoring the DPDPA? Failing to meet DPDPA requirements can result in enforcement by the Delaware Attorney General, with civil penalties of up to USD 10,000 per violation. The original 60-day cure period expired at the end of 2025, so the Department of Justice may now grant an opportunity to cure at its discretion, based on the nature and scope of the violation. Beyond financial penalties, gaps in consent management, opt-out mechanisms, or required notices can increase legal risk, disrupt advertising and data-driven revenue, and weaken customer trust. Many businesses operating under the DPDPA also face obligations under other U.S. state privacy laws. A single, well-configured consent management platform can address Delaware's requirements while supporting compliance readiness across jurisdictions. As privacy expectations rise, inadequate data practices can also damage reputation, reduce customer engagement, and cost business. ### How a cookie banner helps your website perform **Reliable tracking you can trust** Analytics and ads behave predictably based on real user choices. A well-configured cookie banner helps prevent broken tracking, data gaps, and last-minute fixes — your insights stay dependable. **Less work, fewer surprises** Automatic cookie scanning and updates can keep your banner accurate as your site and legal requirements change. Less manual upkeep, fewer headaches, and more time for your team to focus on growth. **A better first impression** A clear, customized cookie banner gives visitors transparent choices from the first interaction. The result: less friction, more trust, and reduced legal risk from the start. **Protect revenue as privacy rules change** The DPDPA is rarely the only law your company answers to. A single, scalable CMP and cookie banner helps keep you covered across jurisdictions without rework as requirements shift. > "Honestly, it was click, click, click, done." > > — Kathryn Fletcher, Web Application Development Manager, Gilson [Read full review](https://usercentrics.com/resources/case-study-gilson/) --- Get your websites and apps ready for Delaware privacy rules The DPDPA's low threshold means more businesses are covered than you might expect. Try Usercentrics for free to address privacy notice and opt-out obligations, without touching analytics or ads. [Start free](https://usercentrics.com/free-trial/) --- ## Talk to our privacy experts With no minimum revenue threshold, the DPDPA can apply to businesses of almost any size that process the personal data of Delaware residents. Usercentrics helps you provide clear notice, the right opt-out mechanisms, and audit-ready consent records. Without slowing down your websites, apps, or adtech. Managing obligations under multiple U.S. or global privacy laws? We'll help you with a setup that scales. - Stable tracking and marketing performance as privacy rules evolve - Required opt-out mechanisms for data sales and targeted advertising, ready to deploy - Automated scanning designed to keep your privacy notice and cookie banner accurate - A single platform to manage U.S. and global privacy laws, updated automatically [Contact sales](https://usercentrics.com/book-a-consultation/) --- ## Learn more **Checklist — May 29, 2025** [Delaware Personal Data Protection Act (DPDPA) Checklist](https://usercentrics.com/resources/dpdpa-checklist/) Our DPDPA compliance checklist will help you achieve and maintain privacy compliance. Build user trust and achieve high opt-in rates. **Article — Feb 7, 2025** [U.S. data privacy laws by state: rights and requirements](https://usercentrics.com/knowledge-hub/us-data-privacy-laws-by-state/) In 2025 more US state privacy laws will come into effect than in any previous year, though federal legislation remains stalled. We compare what US state-level data privacy laws mean for consumers and businesses. **Article — Apr 29, 2026** [COPPA Compliance: Key Requirements for 2026](https://usercentrics.com/knowledge-hub/coppa-compliance/) Compliance with the Children's Online Privacy Protection Act (COPPA) is required for any business handling the personal information of children under age 13 in the United States. This article discloses the key provisions of COPPA to help organizations take the necessary steps to achieve and maintain compliance and build trust with families. --- ## Frequently asked questions ### Who does the DPDPA apply to? The Delaware Personal Data Protection Act (DPDPA) applies to for-profit businesses that conduct business in Delaware or produce products or services targeted to Delaware residents, and that during a calendar year: - Process the personal data of at least **35,000 Delaware consumers**, or - Process the personal data of at least **10,000 Delaware consumers** and derive more than **20 percent of gross revenue** from the sale of personal data. The DPDPA does not have a minimum annual revenue threshold, making it potentially relevant to a wider range of businesses than under laws like those in California and other states. ### What rights do Delaware residents have under the DPDPA? Delaware consumers have the right to: - **Know** whether personal data is being processed about them and receive confirmation - **Access** a copy of their personal data - **Correct** inaccuracies in their personal data - **Delete** personal data collected about them (with exceptions) - **Data portability** to receive their data in a portable, readily usable format - **Opt out** of the sale of personal data, targeted advertising, and certain profiling - **Non-discrimination** for exercising their privacy rights - **Restrict** collection or use of sensitive personal information For consumers under the age of 13, a parent or guardian must provide consent before personal data is collected. Controllers are prohibited from processing personal data of consumers between the ages of 13 and 17 for targeted advertising or selling such data without the consumer's consent. Covered businesses must provide clear, accessible ways for consumers to exercise these rights. ### What are the penalties for violating the DPDPA? The Delaware Attorney General enforces the DPDPA. The Department of Justice has discretion over whether to issue a notice of violation, but if it does, businesses are guaranteed at least 60 days to cure before enforcement action may follow, including civil penalties up to USD 10,000 per violation. There is no private right of action under the DPDPA. ### What notices are required under the DPDPA? Covered businesses must provide a clear and accessible privacy notice that explains: - Categories of personal data collected and processed - Purposes of processing - Categories of personal data shared with third parties (if any) - Categories of recipients of personal data (if any) - How consumers can exercise their data privacy rights, including opt-out - How consumers can appeal a controller's decision (e.g. denial of a data subject access request) - An active email address or other "secure and reliable" digital mode of contact for the controller - Clear and conspicuous disclosure if the controller sells personal data or uses it for targeted purposes ### Does the DPDPA apply to my business if I'm not based in Delaware? Potentially, yes. The DPDPA applies to businesses that target Delaware residents or offer products and services to them, even if the business is headquartered elsewhere. What matters is whether you process the personal data of Delaware consumers above the applicable thresholds, not where your company is located. ### What is considered sensitive personal data under the DPDPA? Businesses must obtain opt-in consent before processing sensitive personal data. The DPDPA defines sensitive personal data to include: - Racial or ethnic origin - Religious beliefs - Mental or physical health condition or diagnosis (including pregnancy) - Sex life or sexual orientation - Status as transgender or nonbinary - National origin - Citizenship or immigration status - Genetic or biometric data - Personal data of a known child - Precise geolocation data (with precision and accuracy within a radius of 1,750 feet) --- ## Products - [Usercentrics Web CMP](https://usercentrics.com/website-consent-management/) - [Usercentrics App CMP](https://usercentrics.com/in-app-sdk/) - [Usercentrics CTV CMP](https://usercentrics.com/usercentrics-ctv-cmp/) - [Privacy Policy Generator](https://usercentrics.com/privacy-policy-generator/) - [Server-side Tagging Solution](https://usercentrics.com/server-side-tracking-solution/) - [Preference Manager](https://usercentrics.com/preference-management/) - [Audience Unlocker](https://usercentrics.com/audience-unlocker/) - [Integrations](https://usercentrics.com/integrations/) - [Web Compliance Scan](https://usercentrics.com/privacy-compliance-scanner/) - [App Compliance Scan](https://usercentrics.com/app-data-privacy-audit/) - [ROAS Calculator](https://usercentrics.com/roas-calculator/) ## Solutions - [Data Privacy Regulatory Compliance](https://usercentrics.com/data-privacy-regulatory-compliance/) - [Marketing Performance Optimization](https://usercentrics.com/marketing-performance-optimization/) - [Migration](https://usercentrics.com/migration/) - [Media & Publishing](https://usercentrics.com/media-publishing/) - [Retail & Ecommerce](https://usercentrics.com/retail-ecommerce/) - [Banking, Finance & Insurance](https://usercentrics.com/banking-finance-insurance/) - [Healthcare & Pharmaceuticals](https://usercentrics.com/healthcare-pharmaceuticals/) - [Gaming](https://usercentrics.com/gaming/) - [Education](https://usercentrics.com/education/) - [Automotive](https://usercentrics.com/automotive/) - [Travel & Hospitality](https://usercentrics.com/travel/) ## Regulations & Frameworks - [GDPR (EU)](https://usercentrics.com/gdpr/) - [GDPR (UK)](https://usercentrics.com/uk-gdpr/) - [CCPA (California)](https://usercentrics.com/ccpa/) - [TCF v2.3 (IAB)](https://usercentrics.com/cmp-for-publishers/) - [DMA (EU)](https://usercentrics.com/digital-markets-act-dma/) - [Amazon Consent Signal](https://usercentrics.com/usercentrics-cmp-and-amazon-consent-signal/) - [Google Consent Mode (EU)](https://usercentrics.com/usercentrics-cmp-and-google-consent-mode-v2/) - [Microsoft UET Consent Mode (EU)](https://usercentrics.com/usercentrics-cmp-and-microsoft-consent-mode/) - [Microsoft Clarity Consent Mode](https://usercentrics.com/usercentrics-cmp-and-microsoft-clarity-consent-mode/) - [View all regulations](https://usercentrics.com/regulations-and-frameworks/) ## Resources - [Blog](https://usercentrics.com/knowledge-hub/) - [Whitepapers](https://usercentrics.com/whitepapers/) - [Checklists](https://usercentrics.com/checklists/) - [Courses](https://courses.usercentrics.com/) - [Case Studies](https://usercentrics.com/case-studies/) - [Privacy-Led Marketing](https://usercentrics.com/privacy-led-marketing/) - [Events](https://usercentrics.com/webinar/) - [CONSENTED Podcast](https://usercentrics.com/consented/) - [Guides](https://usercentrics.com/guides/) - [Release Notes](https://releases.usercentrics.com/en) - [Developer Documentation](https://usercentrics.com/docs/) - [RFI Template](https://usercentrics.com/resources/usercentrics-rfi-template/) - [Customer Directory](https://usercentrics.com/usercentrics-customer-directory/) ## Company - [About Us](https://usercentrics.com/about-us/) - [Press](https://usercentrics.com/press/) - [Our Offices](https://usercentrics.com/contact/) - [Trust Center](https://trust.usercentrics.com/) - [Careers](https://usercentrics.com/career/) - [Open Positions](https://apply.workable.com/usercentrics/) - [Diversity & Inclusion](https://usercentrics.com/dei/) ## Support - [General Support](https://support.usercentrics.com/hc/en-us) - [Contact Sales](https://usercentrics.com/book-a-consultation/) - [Technical Support](https://support.usercentrics.com/hc/en-us/requests/new) - [Billing & Account](https://support.usercentrics.com/hc/en-us/categories/12253804608156-Account-and-billing) - [Suggest a Feature](https://support.usercentrics.com/hc/en-us/requests/new?ticket_form_id=10610312381340) - [Partner Login](https://partnerportal.usercentrics.com/) - [Partner Program](https://usercentrics.com/partner-program-overview/) - [Affiliate Program](https://usercentrics.com/affiliates/) ## Legal - [Terms & Conditions](https://usercentrics.com/terms-and-conditions/) - [Terms & Conditions USA](https://usercentrics.com/terms-and-conditions-usa/) - [Privacy Policy](https://usercentrics.com/privacy-policy/) - [Legal Notice](https://usercentrics.com/legal-notice/) - [Legal Documents](https://usercentrics.com/legal-documents/) - [Accessibility Statement](https://usercentrics.com/accessibility-statement-wcag-compliance/) © 2026 Usercentrics GmbH