On January 16, 2025, New Jersey’s Data Protection Act (“NJDPA” or the “Act”) went into effect, making New Jersey the nineteenth state to adopt a comprehensive data privacy law. The opportunity to cure any defects under the law will sunset on July 1, 2026. Therefore, it is critical that covered entities, or “controllers” of personal data, act now to ensure compliance with the law’s requirements as outlined more fully in this article.

To Whom Does the Law Apply?

The NJDPA applies to companies that: