Templates Compliance Regulatory Data Protection Impact Assessment (DPIA) (NH)
New Hampshire Compliance Regulatory
Blank Document PRO
From Template
Upload Document Word (.docx) & Markdown files
PRO
Data Protection Impact Assessment (DPIA) (NH)
Ready to Edit
Data Protection Impact Assessment (DPIA) (NH) - Free Editor

DATA PROTECTION IMPACT ASSESSMENT (DPIA) (State overlay: NH)

1. Project Overview

  • Project name/ID: [name]; owner: [business owner]; sponsor: [executive].
  • Purpose and objectives: [describe]; Timeline: [dates].

2. Scope of Processing

  • Data subjects: [customers/employees/vendors/end users].
  • Personal data categories: [contact, IDs, financial, location, biometric, health, minors].
  • Sensitive data (NHPA): ☐ Racial/ethnic origin; ☐ Religious beliefs; ☐ Mental/physical health; ☐ Sex life; ☐ Sexual orientation; ☐ Citizenship/immigration; ☐ Genetic/biometric; ☐ Child (under 13); ☐ Precise geolocation (1,750 ft). Opt-in consent required.
  • Volume/retention: [records/year], [retention per purpose].
  • Processing: [collection, storage, analysis, sale].

3. Legal Basis, Notices, and Rights

  • Primary law: New Hampshire Privacy Act (NHPA), effective July 1, 2024.
  • Thresholds: 35,000+ unique NH consumers (excl. payment-only) OR 10,000+ + >25% revenue from sale. NO revenue minimum.
  • Exemptions: GLBA, HIPAA (PHI), higher ed, nonprofits, government, tribal.
  • Rights: Confirm/access, correct, delete, portability, opt-out of sale/targeted ads/profiling. Response: 45 days + 45-day extension.
  • 2026: 60-day cure ends Dec 31, 2025. After Jan 1, 2026, cure at AG discretion (factors: violation count, size, harm, error type).
  • DPA: Required for targeted ads, sales, profiling, sensitive data. Prospective only (post July 1, 2024).

4-7. [Data Flow, Security, Risks, Mitigations - Standard sections]

8. Breach Notification

  • Statute: RSA 359-C:20; private right of action exists.
  • Timeline: "As soon as possible" after determining misuse occurred/likely.
  • Notify AG (or regulator). If 1,000+, notify consumer reporting agencies.
  • Content: Description, date, PI types, contact info.

9. State Overlay Checklist (NH)

  • Applicability: 35,000+ or 10,000+ + >25% sale. NO revenue minimum.
  • Sensitive: 9 categories with opt-in (includes sex life, 1,750 ft geolocation).
  • Cure sunset Jan 1, 2026: Discretionary after (violation count, size, harm, error).
  • DPA: Targeted ads, sales, profiling, sensitive. Prospective (post 7/1/24).
  • Breach: ASAP; AG/regulator + CRA if 1,000+. Private right of action.
  • Children: Under 13 is sensitive. COPPA compliance.
  • Penalties: Up to $10,000/violation. AG + private action.

10-11. [Approvals & Attachments]

AI Legal Assistant

Welcome to Data Protection Impact Assessment (DPIA) (NH)

You're viewing a professional legal template that you can edit directly in your browser.

What's included:

  • Professional legal document formatting
  • New Hampshire jurisdiction-specific content
  • Editable text with legal guidance
  • Free DOCX download

Upgrade to AI Editor for:

  • 🤖 Real-time AI legal assistance
  • 🔍 Intelligent document review
  • ⏰ Unlimited editing time
  • 📄 PDF exports
  • 💾 Auto-save & cloud sync