GDPR and Data Classification

Data Discovery and Classification

- A critical element of GDPR compliance

The new breach notification requirements in the GDPR demand heightened data monitoring, providing the ability to spot unusual behaviour and access patterns.

Increased documentation and data classification requirements mean that you need to know where personal data is, who’s accessing it, and making sure only the right people have access to it

GDPR Compliance starts with understanding the data itself. It’s more critical than ever to know your data. Where is sensitive data stored? Who is accessing it? Who should be?

A Classification Framework for GDPR Compliance

Identify where personal data is located (SharePoint, Cloud, etc.) to meet data accountability

Monitor and audit data access and permission changes. Record all data

Delete global accesses
and overexposed data. Make sure PII is kept on a need to know basis.

Apply a least privilege access model, ensuring personal data by
design and by default.

Limit data retention: establish data retention procedures so data is not stored longer than needed

How Bytes and Varonis Can Help

Bytes Security Partnerships and Data Classification and Control Partner Varonis Systems help uncover security issues quickly and give context around metadata and what’s actually happening on your file and email servers, SharePoint, and Active Directory.

This assists with compliance with two key parts of the GDPR - Privacy by Design & By Default (PbD) and Breach Notification.

We start by answering the three most critical questions:

What sensitive data do I have?

Where is it? (on-premise, with third parties or in the cloud)

How is it being accessed?

Why is Data Classification vital for Breach Notification?

Breach notification requirements place a new burden on data controllers - reporting with context. Under GDPR, the mantra should be “always monitoring”. You’ll need to spot unusual patterns against files containing personal data, and promptly report exposure to the local authority.

Varonis’ innovative user behaviour analytics with privileged account detection analyse and detect suspicious activity – helping you detect potential security breaches, misconfigurations, and other issues and thus easing compliance with the new regulations.


  • Increased security with machine learning and user behaviour analytics (UBA)
  • Automatically alerting on suspicious activity and potential security incidents
  • Establishing incident response and forensics procedures

How prepared are you for GDPR? To what extent do you comply? Find out with a free GDPR Readiness Assessment

Request a Free GDPR Readiness Assessment

Interested in Data Classification & GDPR? Use the form or contact us details below to send us an enquiry

Want to know more about GDPR and Data Classification? Call us on 0845 075 0560 or email us at

Get a quote...

Email instead Call us