classification-policy

Installation
SKILL.md

Data Classification Policy Development

Overview

A data classification policy establishes the enterprise-wide framework for categorising data by sensitivity level and prescribing handling requirements per tier. The policy translates GDPR classification obligations (personal, special category, criminal) and information security requirements (confidentiality, integrity, availability) into practical, enforceable rules that govern how data is stored, transmitted, accessed, and disposed of throughout its lifecycle. This skill covers the design, implementation, and enforcement of a four-tier classification scheme aligned with GDPR requirements and ISO 27001 Annex A controls.

Classification Tier Structure

Four-Tier Model for Vanguard Financial Services

Tier Label Description GDPR Mapping ISO 27001 Mapping
Tier 1: Public PUBLIC Information approved for public release. Disclosure carries no risk to the organisation or individuals. Anonymised data (Recital 26), published reports, public filings A.8.2 — Unclassified/Public
Tier 2: Internal INTERNAL Information for internal use only. Disclosure would cause minor inconvenience but no significant harm. Pseudonymised aggregate data, internal procedures, organisational charts A.8.2 — Internal
Tier 3: Confidential CONFIDENTIAL Information whose disclosure would cause significant harm to individuals or the organisation. Personal data (Art. 4(1)), financial data, customer records, employee records A.8.2 — Confidential
Tier 4: Restricted RESTRICTED Information whose disclosure would cause severe harm, regulatory sanction, or irreversible damage. Art. 9 special category data, Art. 10 criminal data, trade secrets, regulatory investigation data A.8.2 — Restricted/Secret

Classification Decision Matrix

Installs
10
GitHub Stars
187
First Seen
Jun 9, 2026
classification-policy — mukul975/privacy-data-protection-skills