New Jersey Data Privacy Act (NJDPA)
A practical compliance guide for website owners. Learn what New Jersey's privacy law requires and how to implement it on your site.
Who Must Comply
Conducts business in New Jersey or targets New Jersey residents AND controls/processes personal data of 100K+ consumers, OR controls/processes data of 25K+ consumers and derives revenue from selling personal data
What Your Website Must Do
| Requirement | Status |
|---|---|
| Cookie consent banner | Recommended |
| Do Not Sell link | Required |
| Do Not Share link | Required |
| Honor GPC browser signals | Recommended |
| Universal opt-out mechanism | Not required |
| Sensitive data opt-in consent | Required |
Required Links & Notices
The NJDPA requires the following links or notices to be visible on your website:
- 1Do Not Sell or Share My Personal Data
- 2Privacy Policy
Enforcement & Penalties
Key Things to Know
New Jersey is the 9th largest state by population with a strong business presence. Its privacy law (effective January 2025) is among the newest, presenting excellent SEO opportunity with minimal competition.
Escalating penalties: New Jersey is notable for having escalating penalties — $10,000 for first violations increasing to $20,000 for subsequent violations. The cure period sunsets 18 months after the effective date.
How to Configure LegalBanner for NJDPA
- 1
Create your site
Sign up for free and add your website domain in the dashboard.
- 2
Set consent mode to "Opt-out"
In Settings, select the consent mode that matches New Jersey's requirements.
- 3
Install the snippet
Add the one-line script tag to your website. The banner, opt-out links, and GPC support are automatic.
- 4
Generate your Privacy Policy
Use the built-in policy wizard to generate a NJDPA-compliant privacy policy.
Set up NJDPA compliance in 5 minutes
LegalBanner handles New Jersey privacy requirements automatically — cookie banner, opt-out links, and GPC support included.
Frequently Asked Questions
When did the New Jersey Data Privacy Act take effect?
The NJDPA took effect January 15, 2025. It is one of the newest comprehensive state privacy laws.
Does New Jersey require a cookie consent banner?
The NJDPA does not require opt-in cookie consent. However, you must provide clear opt-out mechanisms for targeted advertising, sale, and sharing of personal data.
What makes the NJDPA different from other state privacy laws?
New Jersey has escalating penalties ($10,000 first violation, $20,000 for subsequent) and specifically mentions 'sharing' of personal data in addition to selling. The cure period sunsets 18 months after the effective date.
Does New Jersey require honoring GPC signals?
The NJDPA does not explicitly require honoring GPC signals. However, providing universal opt-out mechanisms is recommended.
Does the NJDPA apply to nonprofits?
No. The NJDPA exempts nonprofits, as well as entities covered by HIPAA, Gramm-Leach-Bliley Act, and several other federal laws.