Delaware Personal Data Privacy Act (DPDPA)
A practical compliance guide for website owners. Learn what Delaware's privacy law requires and how to implement it on your site.
Who Must Comply
Conducts business in Delaware or targets Delaware residents AND controls/processes personal data of 35K+ consumers (excl. payment transactions), OR controls/processes data of 10K+ consumers and derives 20%+ of gross revenue from selling personal data
What Your Website Must Do
| Requirement | Status |
|---|---|
| Cookie consent banner | Recommended |
| Do Not Sell link | Required |
| Do Not Share link | Required |
| Honor GPC browser signals | Recommended |
| Universal opt-out mechanism | Not required |
| Sensitive data opt-in consent | Required |
Required Links & Notices
The DPDPA requires the following links or notices to be visible on your website:
- 1Do Not Sell or Share My Personal Data
- 2Privacy Policy
Enforcement & Penalties
Key Things to Know
Delaware's privacy law is one of the more consumer-friendly state laws. It has lower thresholds (35K consumers or 10K + 20% revenue), covers "sharing" in addition to "selling" of personal data, and the cure period sunsets in December 2025.
Broad scope: Delaware's low thresholds and inclusion of data "sharing" make it applicable to more businesses than many other state laws. The 20% revenue threshold (vs. 25-50% in other states) further expands coverage.
Notable: Delaware applies to data processors in addition to controllers, and the cure period sunset means direct enforcement begins in 2026.
How to Configure LegalBanner for DPDPA
- 1
Create your site
Sign up for free and add your website domain in the dashboard.
- 2
Set consent mode to "Opt-out"
In Settings, select the consent mode that matches Delaware's requirements.
- 3
Install the snippet
Add the one-line script tag to your website. The banner, opt-out links, and GPC support are automatic.
- 4
Generate your Privacy Policy
Use the built-in policy wizard to generate a DPDPA-compliant privacy policy.
Set up DPDPA compliance in 5 minutes
LegalBanner handles Delaware privacy requirements automatically — cookie banner, opt-out links, and GPC support included.
Frequently Asked Questions
When did the Delaware DPDPA take effect?
The DPDPA took effect January 1, 2025.
What are the thresholds for the Delaware law?
35,000+ consumers (excluding payment transactions) or 10,000+ consumers with 20%+ revenue from data sales. These are among the lowest thresholds nationally.
Does Delaware cover data 'sharing' in addition to 'selling'?
Yes. Delaware covers both sale and sharing of personal data, similar to California. This broader scope means more data practices are covered.
Does Delaware require honoring GPC signals?
The DPDPA does not currently require honoring GPC signals, but implementing GPC support is recommended.
What are the penalties for DPDPA violations?
Up to $10,000 per violation. The 60-day cure period sunsets in December 2025, after which the AG can take direct enforcement action.