Skip to Main Content

Legal Alert

Preparing Your Company for the Minnesota Consumer Data Privacy Act (MCDPA)

May 30, 2025

The Minnesota Consumer Data Privacy Act (MCDPA or Act) is set to take effect on July 31, 2025, introducing significant new data privacy obligations for many businesses and enhanced rights for Minnesota residents (referred to as “consumers”).

I. Understanding the MCDPA: Key Takeaways

Broad Applicability: The MCDPA applies to entities conducting business in Minnesota or targeting products/services to Minnesota consumers if they meet one of these thresholds annually:

  • Control or process the personal data of 100,000 or more Minnesota consumers; or
  • Derive over 25% of gross revenue from the sale of personal data and process or control the personal data of 25,000 or more Minnesota consumers.

Important Exemptions & Inclusions:

  • While certain entities like government bodies, federally recognized Indian tribes, and some financial institutions are exempt, most non-profit organizations are covered by the MCDPA.
  • There is no general entity-level exemption for HIPAA covered entities or business associates, though data regulated by HIPAA is exempt.
  • Enhanced Consumer Rights: Minnesota consumers will gain several rights, including the right to access their personal data; to correct inaccurate personal data; to delete their personal data; to obtain a portable copy of their data; and to opt out of the sale of personal data, targeted advertising, and certain profiling.

Explicit Consent for Sensitive Data: Businesses must obtain explicit consumer consent before processing “sensitive data,” which includes racial or ethnic origin, religious beliefs, health conditions, sexual orientation, and a known child's data.

II. Key Business Obligations Under the MCDPA

Controllers (businesses that determine the purposes and means of processing personal data) have several significant responsibilities, including:

  • Transparency and Privacy Notices
  • Data Governance and Security
  • Consumer Request Handling & Appeals
  • Data Privacy and Protection Assessments (DPPAs)
  • Processor Contracts
  • Non-Discrimination

III. PROMPT ACTION IS REQUIRED: Preparing Your Business for the MCDPA

With the July 31, 2025, deadline approaching, and penalties of up to $7,500 per violation, prompt action is crucial.

We Can Help

We can help you understand the MCDPA's specific impact on your business and develop a tailored compliance roadmap. Specifically,

  • Applicability Assessment: Determine if and how the MCDPA applies to your business.
  • Data Security: Guide you on establishing, implementing, and maintaining reasonable administrative, technical, and physical data security practices.
  • Data Mapping & Inventory: Help you identify the personal data you collect, process, and store.
  • Gap Analysis: Compare your current data practices, policies, and procedures against MCDPA requirements.
  • Policy & Notice Updates: Draft or revise privacy policy, internal policies, and data handling procedures.
  • Consumer Rights Infrastructure: Help you develop and implement systems for receiving, authenticating, and responding to consumer rights requests and appeals within the mandated timelines.
  • Vendor Contract Review: Guide you through the process of updating your data processing agreements with all third-party vendors (processors).
  • DPPA Implementation: Help establish a process for conducting and documenting DPPAs for required processing activities.
  • Staff Training: Train your employees on MCDPA requirements and your updated policies and procedures.

DISCLAIMER

Thank you for your interest in contacting us by email.

Please do not submit any confidential information to Maslon via email on this website. By communicating with us we are not establishing an attorney-client relationship, and information you submit will not be protected by the attorney-client privilege and cannot be treated as confidential. A client relationship will not be formed until we have entered into a formal agreement. You should also be aware that we may currently represent parties whose interests may be adverse to yours, and we reserve the right to continue to represent them notwithstanding any communication we receive from you.

If you would like to discuss possible representation, please call one of our attorneys directly or use our general line (p 612.672.8200). We can then fully discuss our intake procedures and, if appropriate, introduce you to an attorney suited to assist with your matter. Alternatively, you may send us an email containing a general inquiry subject to these terms.

If you accept the terms of this notice and would like to send an email, click on the "Accept" button below. Otherwise, please click "Decline."

MEDIA INQUIRIES

We welcome the opportunity to assist you with your media inquiry. To ensure we do so properly and promptly, please feel free to contact our representative below directly by phone or via the email option provided. We look forward to hearing from you.

Emily Gurnon, Marketing Communications Manager | Office: 612.672.8251 | Mobile: 651.785.3616

EMAIL DISCLAIMER

This email is intended for use by members of the media only.

Please do not submit any confidential information to Maslon via email on this website. By communicating with us we are not establishing an attorney-client relationship, and information you submit will not be protected by the attorney-client privilege and cannot be treated as confidential. A client relationship will not be formed until we have entered into a formal agreement. You should also be aware that we may currently represent parties whose interests may be adverse to yours, and we reserve the right to continue to represent them notwithstanding any communication we receive from you.

If you would like to discuss possible representation, please call one of our attorneys directly or use our general line (p 612.672.8200). We can then fully discuss our intake procedures and, if appropriate, introduce you to an attorney suited to assist with your matter. Alternatively, you may send an email containing a general inquiry subject to these terms.

If you are a member of the media, accept the terms of this notice, and would like to send an email, click on the "Accept" button below. Otherwise, please click "Decline."