In a scenario where you are required to classify data based on regulatory compliance requirements, which of the following approaches would be most effective? Consider the types of data (e.g., PII, financial records) and the jurisdictions involved (e.g., GDPR, HIPAA).