Delaware Personal Data Privacy Act

What is DPDPA?


The Delaware Personal Data Privacy Act (DPDPA) is a significant piece of legislation currently in its early stages. While it will not be in effect until January 1, 2025, it’s better to learn about it sooner rather than later.

DPDPA applies to businesses that conduct business in Delaware, and

  • Control or process the personal data of at least 10,000 Delaware residents (excluding data solely for payment transactions) or

  • Control or process data of at least 10,000 Delaware residents and derive more than 25% of gross revenue from selling personal data.

Under the legislation, Delaware residents are granted various rights concerning their personal data, including:

  • Right to access and correct personal data.
  • Right to deletion of personal data under certain circumstances.
  • Right to opt out of the sale of personal data.
  • Right to opt out of targeted advertising.
  • Right to obtain a portable copy of their personal data.

Similar to the trend set by other US states, the Delaware privacy law emposes requirements on businesses, including:

  • Implementing and maintaining reasonable security measures to protect personal data.
  • Implementing data minimization.
  • Limiting the purposes of processing.
  • Obtaining explicit consent for processing sensitive data.
  • Conducting data protection assessments for risky processing activities.
  • Responding to consumer requests within a reasonable timeframe.
  • Disclosing data collection and processing practices in a clear and accessible privacy notice.
  • Providing consumers with tools for opting out and honoring their requests.

MergeBase and DPDPA


Our current data protection and security measures exceed the requirements of the Delaware legislation despite the fact that it won’t apply to us due to the high applicability thresholds.

Should our circumstances evolve to meet those thresholds, compliance with the law would be seamlessly achieved with our existing protocols.


How Can MergeBase Help You Comply with the DPDPA?


Once you’ve identified your organization’s optimal data security strategies, MergeBase stands ready to enhance your efforts with continuous system monitoring, vulnerability prioritization, and patch management integration, among others. This forward-thinking strategy allows organizations to tackle potential threats preemptively, solidifying their dedication to robust data security.

MergeBase excels in identifying and categorizing vulnerabilities within open-source elements of applications that handle personal data. If left unaddressed, these vulnerabilities could lead to unauthorized access, disclosure, or alteration, undermining the security standards mandated by the legislation.

In addition, our reports are crafted for effortless integration with your patch management systems, streamlining the process of addressing vulnerabilities and effectively shrinking the timeframe during which your personal data is at risk.

While this methodology may not resolve every compliance challenge, it substantially strengthens the foundation of your data security framework.