Data Handling Protocols
Classify HR data into the correct sensitivity tier and build step-by-step handling procedures that keep your organisation compliant and your people protected.
Data Classification Matrix
Click each tier to explore its definition, HR-specific data examples, and the handling requirements that apply at that classification level.
Classify-It Exercise
For each HR data item below, select the correct classification tier. Test how well you understand the sensitivity levels that apply to everyday HR information across recruitment, employee records, and workforce planning.
Handling Procedure Builder
Select a data classification tier to generate step-by-step handling procedures covering the full data lifecycle -- from collection through to disposal.
Each procedure set covers six lifecycle phases: collection (how data enters your systems), storage (where and how it is kept), access (who can see it), sharing (how it moves between people), retention (how long you keep it), and disposal (how you destroy it). Higher-tier data requires more rigorous procedures at every phase.
Key Insight: The Classification-Compliance Gap
Most organisations have a data classification scheme on paper, but the gap between having a framework and actually following it is where breaches happen. When an HR officer pastes salary data into an AI chat tool without checking the classification tier, the policy has failed -- not because it was wrong, but because it was not embedded into daily workflows.
Close this gap by making classification visible at the point of action: labelling documents with their tier, building classification prompts into AI tool interfaces, and running quarterly spot-checks where you audit a random sample of AI interactions against the classification matrix.