Classify your data's sensitivity?
Defining levels of data sensitivity can be a complex process that depends on the specific organization and the types of data they handle. However, as a general guideline, the following definitions may be used to define four levels of data sensitivity:
Low: This level includes data that is considered non-sensitive or public information that can be freely shared without concern for potential harm or negative impact. Examples of low sensitivity data may include general company information, public announcements, or marketing materials.
Basic: This level includes data that is not highly confidential, but should still be protected to prevent unauthorized access or disclosure. Examples of basic sensitivity data may include employee information, customer data, or internal communication.
Sensitive: This level includes data that is highly confidential and should only be accessible to authorized individuals or groups. This may include personally identifiable information (PII), financial data, or confidential business information.
Critical: This level includes data that is essential to the organization's operations and could cause significant harm or loss if compromised. Examples of critical data may include trade secrets, intellectual property, or classified government information.
Leiden University suggests that data should be classified to assess its value and potential security risks. This is an important aspect of registering processing activities, whether they involve personal information or not.