Get Ahead of Privacy Regulations with Expert-Built Classification Rules

Policy Pack is an ever-expanding library of accurate and comprehensive rules to find and protect GDPR and CCPA data.

Author Image

Varonis gives us the insight and immediate alerting we need to protect our customers and meet data privacy requirements. I don’t know how we would have achieved GDPR compliance without Varonis.”



400+ GDPR and CCPA Rules and Counting

Never write another complex RegEx to find personal data.

Policy Pack enhances Data Classification Engine with hundreds of new patterns that can accurately discover personal information specific to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

We update the patterns and rules automatically to equip you with the latest changes in data privacy laws so you’ll never fall behind.


Pinpoint Accuracy at Petabyte Scale

Our classification engine goes beyond regular expressions and includes pre-built databases of known-valid values, proximity matching, negative keywords, and algorithmic verification to generate high-fidelity results.

We do a lot of extra work to make sure you get accurate classification results with few false positives.


GDPR & CCPA Visibility Across Your Entire Environment

Varonis continuously discovers unstructured and semi-structured data on premises and in the cloud, on Windows servers, NAS devices, SharePoint, UNIX/Linux servers, and Office 365 (OneDrive and SharePoint Online), with support for file types such as .doc, .pptx, .xlsx, .zip, .rar, .pdf and many more.


Don’t Just Find Personal Data.
Protect It.

Finding personal information is only the first step toward data privacy. With the Varonis Data Security Platform, you can protect it with confidence.

Visualize Exposed Personal Data
Visualize Exposed Personal Data

Prioritize risk based on sensitivity, exposure, and staleness. Demonstrate remediation progress with dashboards that track PII exposure over time.

Rapidly Reduce Your Attack Surface
Rapidly Reduce Your Attack Surface

Automatically restrict access to personal information and minimize its exposure with the Automation Engine.

Take the Pain out of DSARs
Take the Pain out of DSARs

Fulfill data subject access requests (DSARs) and Right to be Forgotten requests with ease using DatAnswers. Export the results to be moved, deleted, or quarantined.

Enforce Data Protection Policies
Enforce Data Protection Policies

Reduce risk by finding stale personal information and moving, archiving, or deleting it with a Data Transport Engine rule.


Monitor & Protect PII with Advanced Threat Detection

Detect potential breaches by monitoring how regulated personal data is accessed. Use DatAlert to prevent data leaks and help meet breach notification requirements and reduce your risk of fines for non-compliance.


Varonis’ out-of-the-box threat models use machine learning to build behavioral profiles over hours, days and weeks for every user and device, so when they behave abnormally, they get noticed.

GDPR was data accessed in the past 24 hours

An unusual amount of data was uploaded to an external website after accessing GDPR data

An unusual amount of data was uploaded to email websites after accessing GDPR data

Access to an unusual number of idle GDPR files

Low and slow increase in number of idle GDPR files accessed

Unusual number of GDPR files deleted or modified

Permission changes: Global Access Groups added to folder with significant GDPR data

Unusual number of GDPR files with denied access

Abnormal service behavior: access to atypical folders containing GDPR data


Want to take a deeper dive?

Take a closer look at how Varonis classifies personal information related to privacy regulations and other sensitive data in this free recorded masterclass on the Data Classification Engine.


FAQFrequently Asked Questions

  • What policies are covered by Policy Pack?

    GDPR (all EU member states) and CCPA. Data Classification Engine by itself contains additional built-in rules and policies for hundreds of other regulations such as PCI, HIPAA, SOX, and others.

  • What do I need to do when there are updates to Policy Pack?

    Nothing! Varonis automatically downloads and updates Policy Pack for changes in the law or to add new patterns and rules.

  • What else do I need to run Policy Pack?

    DatAdvantage and Data Classification Engine are the prerequisites you need to use Policy Pack.

  • How long does Varonis take to scan my data?

    It depends on many different factors, like hardware, bandwidth, amount of data, etc. During an initial scan, Varonis reads every file. After the initial scan is completed, Varonis performs incremental scans, and ONLY scans files that we know have changed thanks to our activity feed. This makes every scan beyond the initial scan orders of magnitude faster.

Does your cybersecurity start at the heart?

Get a highly customized data risk assessment run by engineers who are obsessed with data security.