The organization shall maintain a list of data sets contained in the data stores it manages.
The documentation shall include at least the following information:
The dataset owners (or the owners of the related information asset, such as a data store or data system) are responsible for the classifications of the datasets and the correspondence of the classification to the definitions of the classes.
The owner updates the data classification over the life cycle of the asset according to variations in its value, sensitivity, and criticality.
Limiting the retention time is one of the principles of the processing of personal data. If the retention period of the data is not provided by law, the following must be taken into account, for example, when determining the retention periods:
Describe your own process for evaluating retention periods.
An owner is assigned to each data set. The owner is responsible for the life cycle of the information asset and for performing the management tasks related to that asset.
The owner's duties include e.g.:
The owner can delegate some of the tasks, but the responsibility remains with the owner.
Data Loss Prevention (DLP) policies can be used to protect sensitive data from accidental or intentional disclosure. Policies can alert, for example, when they detect sensitive data (such as personal identification numbers or credit card numbers) in email or in another data system where it does not belong.
The organization defines DLP policies related to endpoints in a risk-based manner, taking into account the data classification of the processed data.
The DLP system aims to prevent the loss or leakage of sensitive data. The system can be used to prevent unwanted actions by monitoring, detecting and blocking the processing of sensitive data when the desired conditions are not met. Blocking can be done during use (in-use, endpoint operations), in motion (in-transit, network traffic) or in storage locations (at-rest).
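The alerting behaviour described above, for credit card numbers found in a channel where they do not belong, as an added example that is not part of the original page or of any DLP product. The channel names, the allow-list and the sample messages are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Assumption: hypothetical channels where card data is expected to appear.
ALLOWED_CHANNELS = {"payment-db"}

def luhn_ok(digits):
    """Luhn checksum; filters out order numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_cards(text):
    """Return masked card numbers found in text (last four digits kept)."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits

def evaluate(channel, text):
    """Policy decision: alert when card data appears outside an allowed channel."""
    hits = find_cards(text)
    if hits and channel not in ALLOWED_CHANNELS:
        return ("alert", hits)
    return ("allow", hits)

# Constructed sample messages (4111 1111 1111 1111 is a well-known test number).
SAMPLES = [
    ("email", "Please charge card 4111 1111 1111 1111 for the renewal."),
    ("email", "Your order number is 1234 5678 9012 3456."),  # fails Luhn
    ("payment-db", "pan=4111-1111-1111-1111"),
]

if __name__ == "__main__":
    for channel, text in SAMPLES:
        print(channel, evaluate(channel, text))
```

The Luhn check is what keeps the rule from alerting on every long digit string; findings are masked so the alert itself does not copy the sensitive value into another system.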