# Data Classification Standard **Version:** 1.0 | **Owner:** Compliance | **Classification:** Internal ## Classification levels | Level | Examples | Handling | |-------|---------|---------| | Public | Marketing materials, press releases | No restrictions | | Internal | This document, org charts | Nexus staff only | | Confidential | Customer data, financial reports | Need-to-know, encrypt at rest | | Restricted | Credentials, encryption keys, PII | Vault only, no email, audit logged | ## PII handling All personally identifiable information is classified as **Confidential** minimum. Processing of PII requires GDPR lawful basis and must be documented in the data register. Contact dpo@nexus.local with questions.