Search Tip: How to find information on corporate web pages?

There are situations when searching the site does not produce results, in this case, if indexing is not prohibited by the site itself, for example, by robots.txt file (here’s one of them and by generated data on request, you can use a search engine, for example google, believe me it works much better then native one.

And what to do when there are a lot of sites and they are corporate, i.e. the only difference is in the top level domain name (.lv, .lt. .ee, ru). For such a situation, I recommend using the same convenient search engine, but supplementing the search query, for example with such a query: (by sign * – asterisk replacing domain name)

that-what-we-are-looking-for site: bureauveritas. *

So, using this search, you can fully use the full range of services provided by an international company, regardless of your location. And if the work is not performed by the local office, then they can be ordered in another country of the same company! Take care of time and money resources!

Attributes of personal data: identifiers and factors

In order to determine the legislation that must be observed, first find out whether your activity is subject to a specific law.

When it comes to GDPR, it is difficult to imagine a company, especially in European Union, which will not be the focus of this law. However, not all that the company does with the data will be considered the processing of personal data.

Definitely, any information relating to the identified person is personal data. Questions may arise with information that relates to a person who can be identified (identifiable person). Indeed, even pseudonymised data fall under this category.

Personal data definition from GDPR

It is necessary to properly classify data that can form only individual attributes, but not be personal data, and this is the identifier and factor (s). The law gives a general idea of ​​these attributes. But it determines the critical mass of these attributes after the accumulation of which the data becomes personalized.

In the preamble to the law, it is asked for a rational approach in the possibility of transferring data to the category of personal data. So be rational indeed!

EDPB and EDPS – feel the difference

As a result of a small analysis, I discovered two sources in the field of data protection, and these are two European structures differing only in one letter of four: EDPB and EDPS, which means Board and Superviser, respectively. But it is no the sole difference.

EDPB is based on the so-called Article 29 Working Party. The results of their work consist in the interpretation of the law on the protection of personal data, previously a directive, and now a regulation known as GDPR.

A number of works of Article 29 Working Party were taken over and can be used at the present time, some of them remain historical documents. Now, for me at least, their expected documents are related to certification and codes of conduct.

EDPS is another structure that I understand provides among other functions the administration of the Board. But which in its functions also covers the work of European structures in the field of personal data security under a separate law, as well as actively follow the technologies and, accordingly, the data in the broad sense of the word, not only personal data. Here is one of the published work of this structure of Smart glasses and data protection.

Multi-factor authentication for two most main resources (risk alarm)

It is difficult to realize, but at the moment there is an imperceptible revaluation of values. In which the mobile phone begins to play a very indispensable role. Those qualities and those properties that we use and which have been ousted from the world of things, for example, a clock, a camera, a voice recorder, a notebook, a flashlight, etc., are complemented by one very valuable feature – the authenticator.

Increasingly, and for the most part enforced, we, as users, are switching to multi-factor authentication. In addition to knowing the password, pin-code, we are required to have something. Security requires additional evidence that an anonymous user for the system is you. The system has not gone, or has not yet gone the way of identification with biometric data (and may not be able to go due to the heightened requirements of the GDPR for sensitive data — which are biometric data). More often, we are faced with the need to use a calculator, codes, code cards, enter the code from SMS and (!!!) give confirmation from a specially application on the phone.

“For me, charging a daily smartphone is a ritual that cannot be missed.”

The latest authentication tool is actively supported by banks. Google in the proposed dual-authentication conveniently used the same device. In this lie both pluses and huge minuses. The main disadvantage is the health and performance of the device. For me, charging a daily smartphone is a ritual that cannot be missed. A low battery charge is the same as an empty tank in the desert where there is not a living soul for 200-300 kilometers.

google 2 step verification, alternatives

Banks have pretty strongly established dependence on this authentication tool. But can it be considered reliable, really reliable.
Recently, a bank authenticator, which I use, has literally failed for several minutes. I certainly wanted to make a money transfer and then I remembered the code cards that were still stored in my wallet. Hurray, I thought, and … I could not move beyond the field – a permanent password. I have not used it for more than a year, changing it regularly at the request of the same bank.

“But what happens if one easy authentication fails?

Google has a number of alternatives, perhaps many of them are not reliable, but there are alternatives. Banks, for example, offer (inconvenient) calculators and convenient applications. But what happens if one easy authentication fails? While I did not find the answer, I still hope for the operability of the device and software, although from the point of view of risks this situation moves from the category of low-medium risks to non-permissible ones.

ISO 45001:2018 – My Presentation of the Certification Opportunity

I’m grateful to the LBAS for the opportunity to talk about the new ISO 45001:2018 standard and how there is a way to recognize the compliance of the labor protection system at the international level.
In my presentation I talked about the first steps necessary for the implementation of the system, I outlined the standard itself and its connection to OHSAS 18001, as well as the certification process, which in particular is carried out by Veritas Bureau Latvia accredited to this standard in LATAK.

Andrejs Boka LBAS konferencē
Andrejs Boka LBAS rīkotā konferencē