data-classification-skills

Classifies sensitive data in AI/ML training datasets including bias detection for Art. 9 categories, data card documentation, provenance tracking, and consent verification for model training. Keywords: AI training data, ML dataset, bias detection, data card, model training, Art 9, consent, GDPR AI.

Implements automated PII discovery and classification using tools like Microsoft Purview, BigID, OneTrust DataDiscovery, and AWS Macie. Covers scanning schedules, accuracy tuning, false positive management, and integration patterns. Keywords: data discovery, PII scanning, Purview, BigID, Macie, OneTrust, automated classification, data cataloging.

Develops data classification policies with tiered handling (public, internal, confidential, restricted), labeling requirements, enforcement mechanisms, and procedures per tier. Covers policy governance, exception handling, and compliance monitoring. Keywords: classification policy, data tiers, handling procedures, labeling, enforcement, data governance, information security.

Handles GDPR Art. 10 criminal conviction and offence data classification including official authority requirements, national law derogations, and comprehensive register restrictions. Covers controller obligations for criminal background checks and offence records. Keywords: criminal data, Art 10, conviction data, offence records, criminal background, DBS check.

Harmonises data classification across jurisdictions mapping GDPR special categories vs CCPA sensitive PI (1798.140(ae)) vs HIPAA PHI (160.103) vs LGPD sensitive data (Art. 5-II). Provides cross-regulation mapping matrix for multinational compliance. Keywords: cross-jurisdiction, GDPR, CCPA, HIPAA, LGPD, sensitive data, multinational, classification mapping.

Builds comprehensive data inventory per GDPR Art. 30 Records of Processing Activities. Covers system-by-system discovery, data flow diagramming, third-party identification, and legal basis per category. Keywords: data inventory, data mapping, Art 30, RoPA, data flow, processing activities.

Implements data classification labels and tagging systems including metadata tagging, DLP integration, automated label propagation, user-applied labels, and label inheritance rules. Covers Microsoft Purview sensitivity labels and enterprise labeling architecture. Keywords: data labeling, sensitivity labels, metadata tagging, DLP integration, label propagation, Purview, classification.

Implements data lineage tracking for privacy compliance including origin tracking, transformation logging, access auditing, deletion verification, and cross-system lineage graphs. Covers source-to-sink mapping, GDPR Art. 30 RoPA integration, automated lineage discovery, and breach impact scoping. Keywords: data lineage, data provenance, data flow mapping, transformation logging, deletion verification.

Classifies personal vs non-personal data per GDPR Art. 4(1) definition test with decision tree for borderline cases. References Breyer v Germany CJEU C-582/14 dynamic IP ruling and WP29 Opinion 4/2007. Keywords: personal data, GDPR Art 4, data classification, Breyer ruling, identifiability test, PII.

Detects PII in unstructured data including emails, documents, images, and logs using NER-based detection with spaCy and Microsoft Presidio, regex patterns, OCR integration, and confidence scoring. Keywords: PII detection, unstructured data, NER, spaCy, Presidio, OCR, regex, email scanning, document scanning.

Classifies data as pseudonymised or anonymised using Recital 26 reasonably likely test, Breyer ruling C-582/14, motivated intruder test, and WP29 Opinion 05/2014 on anonymisation techniques. Covers singling out, linkability, and inference tests. Keywords: pseudonymisation, anonymisation, Recital 26, re-identification, k-anonymity, differential privacy, WP29 Opinion 05/2014.

Identifies and classifies GDPR Art. 9 special category data including racial origin, political opinions, religious beliefs, trade union membership, genetic, biometric, health, and sexual orientation data. Covers processing conditions under Art. 9(2)(a)-(j). Keywords: special category, Art 9, sensitive data, biometric, genetic, health data, explicit consent.