Templates Compliance Regulatory Data Protection Impact Assessment (DPIA) (NJ)
New Jersey Compliance Regulatory
Blank Document PRO
From Template
Upload Document Word (.docx) & Markdown files
PRO
Data Protection Impact Assessment (DPIA) (NJ)
Ready to Edit
Data Protection Impact Assessment (DPIA) (NJ) - Free Editor

DATA PROTECTION IMPACT ASSESSMENT (DPIA) (State overlay: NJ)

1. Project Overview

  • Project name/ID: [name]; owner: [business owner]; sponsor: [executive].
  • Purpose and objectives: [describe]; Timeline: [dates].

2. Scope of Processing

  • Data subjects: [customers/employees/vendors/end users].
  • Personal data categories: [contact, IDs, financial, location, biometric, health, minors].
  • Sensitive data (NJDPA): ☐ Racial/ethnic origin; ☐ Religious beliefs; ☐ Mental/physical health diagnosis; ☐ Sexual orientation; ☐ Citizenship/immigration; ☐ Genetic/biometric; ☐ Child (under 13); ☐ Precise geolocation. Opt-in consent required.
  • Volume/retention: [records/year], [retention per purpose].
  • Processing: [collection, storage, analysis, sale].

3. Legal Basis, Notices, and Rights

  • Primary law: New Jersey Data Privacy Act (NJDPA), effective Jan 15, 2025; draft regs June 2, 2025 (final expected 2026).
  • Thresholds: 100,000+ consumers OR 25,000+ + derives money from sales. NO revenue minimum. Applies to nonprofits.
  • Exemptions: GLBA (activities), HIPAA (PHI), government.
  • Rights: Confirm/access, correct, delete, portability, opt-out of sale/targeted ads/profiling. Response: 45 days + extension.
  • 2026: Universal opt-out required by July 15, 2025. Cure sunsets July 16, 2026 (18 months post-effective); after that, cure at AG discretion.
  • DPA: Required for heightened risk (details in 2026 regulations).

4-7. [Data Flow, Security, Risks, Mitigations - Standard sections]

8. Breach Notification

  • Statute: N.J. Stat. § 56:8-163 (2005, effective 2006; amended 2019).
  • Timeline: "Most expedient time without unreasonable delay." Report to NJ State Police before consumer notice. If 1,000+, notify CRAs.
  • Triggers: Unauthorized access compromising security/confidentiality. PI = name + (SSN, DL, financial, medical).
  • Exception: No notice if misuse not reasonably possible; document 5 years.

9. State Overlay Checklist (NJ)

  • Applicability: 100,000+ or 25,000+ + sales revenue. NO revenue minimum. Applies to nonprofits.
  • Sensitive: 8 categories with opt-in.
  • Universal opt-out by July 15, 2025 (Global Privacy Control, etc.).
  • Cure sunsets July 16, 2026: After that, at Division discretion.
  • DPA: Heightened risk activities (regs expected 2026).
  • Breach: State Police before consumers; most expedient time; 1,000+ = CRA. Exception if no reasonable misuse (doc 5 years).
  • Children: Under 13 is sensitive. COPPA compliance.
  • Penalties: $10,000 first; $20,000 subsequent. AG only. No private action.

10-11. [Approvals & Attachments]

AI Legal Assistant

Welcome to Data Protection Impact Assessment (DPIA) (NJ)

You're viewing a professional legal template that you can edit directly in your browser.

What's included:

  • Professional legal document formatting
  • New Jersey jurisdiction-specific content
  • Editable text with legal guidance
  • Free DOCX download

Upgrade to AI Editor for:

  • 🤖 Real-time AI legal assistance
  • 🔍 Intelligent document review
  • ⏰ Unlimited editing time
  • 📄 PDF exports
  • 💾 Auto-save & cloud sync