Please note that NYU IT has replaced two data-centric policies (Data Classification Table and Reference for Data and System Classification) with the new Electronic Data and System Risk Classification Policy, which incorporates necessary General Data Protection Regulation (“GDPR”) data-centric information. Please consult this policy for information on how NYU classifies information assets into risk based categories and security precautions that must be taken to protect these assets from unauthorized access. It is recommended that this policy be read in conjunction with the Data and System Security Measures policy, which details specific security measures that apply to each data and system classification.