GDPR COMPLIANCE NOTICE
Hello visitors. This is the site's notice of compliance with the GDPR. This is not the complete document. You can find a copy online with a google search. Please read thoroughly and completely.
Within this notice you will find:
A description of the GDPR.
The list of articles, with each title highlighted in color.
A description of requirements that apply to this particular site written as paragraphs following the titles.
My efforts to comply and protect you as a patron of my site also highlighted in color.
To begin, the GDPR, (the acronym stands for, "General Data Protection Regulation") is a revision of the "Data Protection Directive". Established in the UK, and formalized in Spring 2018, the GDPR, is a document of regulations that companies operating within the UK are expected to utilize as a guide with the purpose of protecting the data of the citizens of the UK. There are 11 Chapters and 99 Articles within the formal GDPR. I am going to highlight a few of the articles that best describe my obligations.
Below are the articles I chose. I selected these articles because they give an easy, generalized view of the GDPR.
Articles 17 & 18, require that data owners are given notice of their rights, stipulated by both, "The Right of Portability", and "The Right of Erasure" regulations. These regulations allow the owner of automatically acquired data, to regulate how their data is shared with other sites, and also when their data is deleted from a sites' database. The authorized owner of such data can request that their data is not forwarded to an affiliate site or service that is offered on my site. They should be provided the opportunity to personally transfer their own data to other sites and services. (This notice is the offer to transfer your own data). If you prefer to exercise this right please do so with a request in writing. The site's business email is email@example.com. This concludes the description for, "The Right of Portability".
"The Right of Erasure" regulation entitles data owners the right to appoint a controller, or data protection officer to erase personal data from a site's data base. For this site, I will be acting as the sole controller, and all requests will be processed by me. As the site's administrator, I am a preauthorized officer, with the required access, and knowledge to properly process a request to delete personal data. I will notify each visitor personally once the data is successfully deleted. This will be done only once a request by the data owner is made to me in writing. The process itself will be completed with preinstalled software, that is available as part of the site's editing structure, and with software that is provided by my data collection service, (this feature is available specifically for deleting data). If no requests are made, your data will remain stored within our database for an unspecified retention period.
Articles 22 & 30, require safety measures are taken to prevent data loss and unauthorized exposure. This will prevent the risks associated with unauthorized use of personal data, (fraudulent use of personal data), and the misuse of personal data, (incomplete or inaccurate data that is used by me and stored in our database. The site is regularly monitored and updated by me, to ensure the accuracy of the information within our database. Also, my site is equipped with a security certificate that makes sure your data is securely transferred whenever you share it with my site. Also as the site's administrator, I am the only person who has access to your information, so there is no risk of exposure by other personnel.
Articles 31 & 32, require all security breaches to be reported to supervising authorities and affected data owners. Article 31's regulation: requires reports be made within 72 hours to a supervising authority, (my DNS service provider). The report should include, the number of all persons affected, when, and how the breach occurred.
Articles 32's regulation requires data breaches are reported directly to subjected patrons as soon as possible if the breach places them at risk. I will notify each visitor personally through email if such an event occurs.
Article 45, extends the responsibility of compliance to the GDPR, to companies that operate outside of the UK. This includes our site because we are based within the US, and plan on receiving interaction from citizens of the UK. Originally created for companies operating within the UK only, the GDPR requires any entity that collects data from a UK citizen, whether in the UK or another country is bound by the rules of the GDPR. As a small site, I personally work to secure the data of all my visitors. I will continually do so with a genuine concern for the safety of visitors' data by referencing updates to the GDPR, updating my site, and this notice.
These articles complete my notice to comply with the GDPR. If you have any questions or concerns, please contact me.
Attn: Blogger 2020
c/o Jonnique Mckinney