Nebraska Data Privacy Act (NDPA)
A practical compliance guide for website owners. Learn what Nebraska's privacy law requires and how to implement it on your site.
Who Must Comply
Conducts business in Nebraska or targets Nebraska residents AND is not a small business as defined by the SBA (applies regardless of consumer volume thresholds)
What Your Website Must Do
| Requirement | Status |
|---|---|
| Cookie consent banner | Recommended |
| Do Not Sell link | Required |
| Do Not Share link | Not required |
| Honor GPC browser signals | Recommended |
| Universal opt-out mechanism | Not required |
| Sensitive data opt-in consent | Required |
Required Links & Notices
The NDPA requires the following links or notices to be visible on your website:
- 1Privacy Policy
Enforcement & Penalties
Key Things to Know
Nebraska's privacy law is unique in that it has no consumer volume threshold — it applies to all businesses that are not "small businesses" as defined by the SBA. This makes it one of the broadest state privacy laws by applicability.
Broadest scope: Unlike every other state privacy law, Nebraska does not require processing data of a minimum number of consumers. If you are not an SBA-defined small business and you process any Nebraska resident data, the law applies.
Cure period sunset: The 30-day cure period sunsets in January 2026, after which the AG can proceed directly to enforcement.
How to Configure LegalBanner for NDPA
- 1
Create your site
Sign up for free and add your website domain in the dashboard.
- 2
Set consent mode to "Opt-out"
In Settings, select the consent mode that matches Nebraska's requirements.
- 3
Install the snippet
Add the one-line script tag to your website. The banner, opt-out links, and GPC support are automatic.
- 4
Generate your Privacy Policy
Use the built-in policy wizard to generate a NDPA-compliant privacy policy.
Set up NDPA compliance in 5 minutes
LegalBanner handles Nebraska privacy requirements automatically — cookie banner, opt-out links, and GPC support included.
Frequently Asked Questions
Why is Nebraska's privacy law unique?
Nebraska is the only state with no consumer volume threshold. It applies to all non-small businesses operating in Nebraska or targeting Nebraska residents, regardless of how many consumers' data they process.
What defines a 'small business' exemption?
Nebraska uses the SBA (Small Business Administration) definition, which varies by industry based on annual revenue or number of employees. Generally, this covers businesses with fewer than 500 employees or under specific revenue thresholds.
Does Nebraska require a cookie consent banner?
No. Nebraska does not require opt-in cookie consent. You must provide opt-out mechanisms for targeted advertising and sale of personal data.
Does Nebraska require honoring GPC signals?
No. Nebraska does not require honoring GPC or universal opt-out mechanisms.
What are the penalties for NDPA violations?
Up to $7,500 per violation. The 30-day cure period sunsets in January 2026.