From 1ed53abe8c32b21a8b7c486a7c4e1999618905bb Mon Sep 17 00:00:00 2001 From: Katrin Hoffmann Date: Tue, 24 Feb 2026 11:00:00 +0000 Subject: [PATCH] Add data classification standard --- standards/data-classification.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 standards/data-classification.md diff --git a/standards/data-classification.md b/standards/data-classification.md new file mode 100644 index 0000000..b205930 --- /dev/null +++ b/standards/data-classification.md @@ -0,0 +1,18 @@ +# Data Classification Standard + +**Version:** 1.0 | **Owner:** Compliance | **Classification:** Internal + +## Classification levels + +| Level | Examples | Handling | +|-------|---------|---------| +| Public | Marketing materials, press releases | No restrictions | +| Internal | This document, org charts | Nexus staff only | +| Confidential | Customer data, financial reports | Need-to-know, encrypt at rest | +| Restricted | Credentials, encryption keys, PII | Vault only, no email, audit logged | + +## PII handling + +All personally identifiable information is classified as **Confidential** minimum. +Processing of PII requires GDPR lawful basis and must be documented in the data register. +Contact dpo@nexus.local with questions.