Cyber Security Academy · Lesson

Data Classification and Minimization

Handling data responsibly.

Why Classify Data

You cannot protect what you have not categorized. Data classification assigns sensitivity levels so controls match risk: the more sensitive the data, the stronger the safeguards.

Classification drives access control, encryption requirements, retention periods, and breach-response priority.

Classification Levels

A common scheme uses four tiers:

Public: no harm if disclosed
Internal: routine business data
Confidential: customer data, contracts
Restricted: special-category data, secrets, credentials

Each level maps to required controls. Labels should be simple enough that staff actually apply them correctly.

All lessons in this course

Why Data Privacy Matters
GDPR and KVKK Essentials
Data Classification and Minimization
Breach Notification and DPIAs

← Back to Cyber Security Academy