security-policies/standards/data-classification.md

18 lines
727 B
Markdown

# Data Classification Standard
**Version:** 1.0 | **Owner:** Compliance | **Classification:** Internal
## Classification levels
| Level | Examples | Handling |
|-------|---------|---------|
| Public | Marketing materials, press releases | No restrictions |
| Internal | This document, org charts | Nexus staff only |
| Confidential | Customer data, financial reports | Need-to-know, encrypt at rest |
| Restricted | Credentials, encryption keys, PII | Vault only, no email, audit logged |
## PII handling
All personally identifiable information is classified as **Confidential** minimum.
Processing of PII requires GDPR lawful basis and must be documented in the data register.
Contact dpo@nexus.local with questions.