Starting January 1, 2025, several new state privacy laws will come into effect, introducing stricter regulations on data collection and protection. Businesses operating in these states or targeting their residents must prepare for compliance to avoid penalties.

The states introducing these laws are:

• Delaware: Delaware Personal Data Privacy Act (DPDPA)
• Iowa: Iowa Consumer Data Protection Act (ICDPA)
• Nebraska: Nebraska Data Privacy Act (NDPA)
• New Hampshire: New Hampshire Data Privacy Law (NHPA)
• New Jersey: New Jersey Data Privacy Act (NJDPA)

Who Must Comply?

If your business operates in or targets residents of these states, compliance is essential. Each law has specific criteria based on consumer data volume and revenue sources.  Here’s a breakdown:

Delaware Personal Data Privacy Act (DPDPA)

Your business must comply if, during the preceding calendar year, you:

a/ Processed personal data of at least 35,000 consumers, excluding data for payment transactions.

b/ Processed personal data of at least 10,000 consumers and generated over 20% of gross revenue from selling personal data.

Iowa Consumer Data Protection Act (ICDPA)

Compliance applies if, during a calendar year, you:

a/ Process personal data of at least 100,000 consumers.

b/ Process personal data of at least 25,000 consumers and derive over 50% of gross revenue from selling personal data.

Nebraska Data Privacy Act (NDPA)

You must comply if you:

a/ Process or sell personal data.

b/ Do not qualify as a "small business" under the federal Small Business Act.

New Hampshire Data Privacy Law (NHPA)

Compliance applies if, during a calendar year, you:

a/ Process personal data of at least 35,000 consumers, excluding data for payment transactions.

b/ Process personal data of at least 10,000 consumers and derive over 25% of gross revenue from selling personal data.

New Jersey Data Privacy Act (NJDPA)

Your business must comply if, during a calendar year, you:

a/ Process personal data of at least 100,000 consumers, excluding data for payment transactions.

b/ Process personal data of at least 25,000 consumers and derive revenue or discounts from selling personal data.

How XaaSWare Can Help

Navigating recent legal changes necessitates a strategic approach to compliance. At XaaSWare, we focus on providing expertise in the following areas:

• Implementing privacy-first data management solutions.
• Streamlining compliance frameworks like DORA (Digital Operational Resilience Act) and CCPA (California Consumer Privacy Act) to ensure operational security.
• Enhancing data governance and automating reporting systems for legal obligations.

Next Steps for Your Business

As new laws are set to be implemented, it is important for businesses to take proactive steps towards compliance. XaaSWare’s team of compliance experts is available to assist your business in navigating these changes by providing guidance in the following areas:



• Auditing your current data practices.
• Implementing technology solutions to align with state requirements.
• Training your team on privacy best practices.

Don’t let compliance become a hurdle—turn it into a competitive advantage.

Need Assistance?

Explore our Privacy Compliance Services or connect with a XaaSWare expert today.  Let us help you stay ahead of the curve.