How to Protect GDPR Data with Varonis

Last updated Sep 24, 2021


    In the overall data security paradigm, GDPR data isn’t necessarily more important than other sensitive data, but demands specific monitoring, policy, and processing – with significant fines to encourage compliance. Once you discover and identify GDPR data, you need to be able to secure and protect that data.

    GDPR Article 25, “Data Protection by Design and Default,” sets the rules for securing GDPR data. Varonis helps automate and implement a process to get to and maintain a least privilege model to help meet this part of the GDPR. Once you limit access to data, you can proactively protect GDPR data by analyzing file activity and user behavior, automating how to process that data, and actively monitoring your GDPR data.

    Apply Security Analytics to GDPR Data

    Varonis applies data security analytics to file activity and user behavior, and DatAlert can apply specific threat models to monitor and alert on suspicious activity on GDPR data. Below is a sample of some of our GDPR threat models:

    Threat Model: Access to an unusual number of idle GDPR files

    How it works: DatAlert triggers this alert when a user accesses a statistically significant number of GDPR files that they have not accessed previously (i.e., did not create or modify).
    What it means: This user account is looking for something containing GDPR data that they don’t normally access. This attack could be an infiltration attempt, a compromised account, or evidence of breached security.
    Where it works: Dell Fluid, EMC, Hitachi NAS, HP NAS, NetApp, OneDrive, SharePoint, SharePoint Online, Unix, Unix SMB, Windows, Nasuni, HPE 3PAR File Persona

    Threat Model: Unusual number of GDPR files deleted or modified

    How it works: DatAlert identifies when a user account is deleting or modifying an unusual number of files that contain GDPR data, compared to that user’s typical behavior.
    What it means: When users are deleting or changing many files, it could be an attempt to either cover their tracks, steal data, or modify information. It often indicates that an attacker is attempting to damage or destroy critical data as part of a denial-of-service attack. It’s possible that this user is simply doing clean-up, but it is more likely an attempt to steal (or destroy) data.
    Where it works: Dell Fluid, EMC, Hitachi NAS, HP NAS, NetApp, OneDrive, SharePoint, SharePoint Online, Unix, Unix SMB, Windows, Nasuni, HPE 3PAR File Persona

    Threat Model: Unusual number of GDPR files with denied access

    How it works: DatAlert detects an increase in the number of GDPR files a user has failed to access.
    What it means: When a user gets that many denies in a set amount of time, they are looking for – or trying to access – something that they likely shouldn’t be touching. Most likely they are not supposed to be looking for this kind of data, and someone is trying to use this account to access GDPR data in order to exfiltrate it.
    Where it works: EMC, Windows, Hitachi NAS
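
The per-user baseline comparison behind the three threat models above can be sketched as follows; this is an added example, not Varonis or DatAlert code, and DatAlert's actual statistics are not described on this page. The event tuple layout, the z-score rule, the `z_threshold` and `min_count` values, and all sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_sample_events():
    """Constructed events: (day, user, operation, path, is_gdpr, allowed)."""
    events = []
    for day in range(1, 8):  # seven quiet baseline days for each user
        events.append((day, "alice", "open", "/hr/payroll.xlsx", True, True))
        events.append((day, "alice", "modify", "/hr/payroll.xlsx", True, True))
        events.append((day, "bob", "open", "/sales/leads.csv", True, True))
        events.append((day, "bob", "open", "/sales/deck.pptx", False, True))
    for i in range(40):  # day 8: bob sweeps HR files he never touched before
        events.append((8, "bob", "open", f"/hr/employee_{i}.pdf", True, i % 2 == 0))
    events.append((8, "alice", "modify", "/hr/payroll.xlsx", True, True))
    return events

def daily_metrics(events):
    """Count, per (user, day), the three behaviours on GDPR-classified files."""
    touched = defaultdict(set)  # user -> paths that user successfully accessed earlier
    counts = defaultdict(lambda: defaultdict(int))
    for day, user, op, path, is_gdpr, allowed in sorted(events, key=lambda e: e[0]):
        if is_gdpr:
            c = counts[(user, day)]
            if not allowed:
                c["denied"] += 1            # "GDPR files with denied access"
            elif op in ("delete", "modify"):
                c["delete_or_modify"] += 1  # "GDPR files deleted or modified"
            elif path not in touched[user]:
                c["idle_access"] += 1       # GDPR file new to this user
        if allowed:
            touched[user].add(path)
    return counts

def detect(events, today, z_threshold=3.0, min_count=10):
    """Flag metrics where today's count is far above the user's own history.
    Days are numbered from 1 and `today` must be at least 2."""
    counts = daily_metrics(events)
    alerts = []
    for user in sorted({u for u, _ in counts}):
        for metric in ("idle_access", "delete_or_modify", "denied"):
            history = [counts[(user, d)][metric] for d in range(1, today)]
            observed = counts[(user, today)][metric]
            # Floor sigma at 1 so a perfectly flat baseline cannot divide by zero.
            z = (observed - mean(history)) / max(pstdev(history), 1.0)
            if observed >= min_count and z >= z_threshold:
                alerts.append((user, metric, observed, round(z, 1)))
    return alerts

if __name__ == "__main__":
    print(detect(build_sample_events(), today=8))
```

The `min_count` floor keeps a user with a near-zero baseline from alerting on a handful of files, which is the routine clean-up case the second threat model mentions.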

    DatAlert highlights suspicious activity and unusual behavior on GDPR data, and helps streamline investigation and pursue forensics on potential threats. DatAlert will also give you the all-important heads up you need to be able to report a data breach discovery within the GDPR mandated 72 hours.

    It’s best practice to develop an alert response plan that makes sense with your organization’s security practices and policies so that you have an actionable plan to investigate unusual behavior and suspicious activity.

    Automatically Quarantine GDPR Data

    In order to stay compliant on a day-to-day basis, you need to be constantly detecting new unsecured GDPR data and protecting that data as quickly as possible.

    As users create new files there is a possibility that GDPR data will be left unsecured. Because the Data Classification Engine continuously discovers new GDPR data in your shares, it can pass that information to the Data Transport Engine. The Data Transport Engine can move those newly discovered files containing GDPR data to a quarantine folder during its next scheduled run. Once the GDPR data is quarantined and secured, you can investigate the file and determine who should have access, where it should be stored, and any additional conditions to help comply with GDPR.

    Monitor your GDPR Data

    It’s vital to maintain a holistic perspective of your GDPR security status. Varonis provides several reports that allow you to keep track of your GDPR data, which can be delivered to your inbox or a shared folder.

    Report 12.I.02, Open Access on Sensitive Data

    Report 12.I.02, Open Access on Sensitive Data, will show you all the GDPR classification matches you have on the network that were discovered within your specified time slice. If you use Data Transport Engine to quarantine new matches, you’ll be able to use this report as a starting point for which files you want to investigate. If you aren’t using Data Transport Engine, you will have to ensure these files are locked down as quickly as possible.

    GDPR regulations represent a shift in the way governments are broadly approaching data privacy and data security requirements – and it’s rooted in data security best practices.

    Are you ready to see how your current GDPR situation looks? Get a free 30-day GDPR Readiness Assessment and see how Varonis can help protect your GDPR data.
