
Data Loss Prevention

A set of strategies and tools used to detect and prevent unauthorized access to, use of, or disclosure of sensitive information.

Data Loss Prevention (DLP) is a set of strategies, controls, and technologies that detect, monitor, and prevent unauthorized disclosure of sensitive data — whether intentional (malicious insider, external attacker) or accidental (misaddressed email, misconfigured share). DLP has evolved far beyond its email-scanning origins: modern DLP spans endpoints, networks, cloud applications, email, removable media, and — increasingly — GenAI prompts and outputs.

The three classical DLP categories remain valid in 2026: (1) Endpoint DLP — agents on employee devices that monitor file access, clipboard, print, USB, and screen capture. (2) Network DLP — inspects traffic leaving the corporate perimeter via HTTPS, email, or file transfer protocols. (3) Cloud DLP — integrates with SaaS applications (Microsoft 365, Google Workspace, Salesforce, Box) via API to identify and protect sensitive data in cloud stores.

A fourth category has emerged and is now mandatory for any organization using LLMs: GenAI DLP. Employees pasting confidential data into ChatGPT, Claude, or Copilot represents a material data exfiltration vector. Leading DLP platforms (Microsoft Purview, Zscaler, Netskope, Forcepoint) now inspect prompts and block or redact sensitive content before submission.

DLP classification is the foundation. Sensitive data types typically include: personally identifiable information (PII) under GDPR, payment card data (PCI DSS), health records (HIPAA), source code, intellectual property, customer lists, financial reports, and credentials. Classification uses a combination of pattern matching (regex for card numbers, IBAN), keyword lists, fingerprinting of specific documents, and ML-based content analysis.
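As an added illustration of the pattern-matching layer described above (not code from any DLP product named on this page), the sketch below pairs broad regexes for card numbers and IBANs with their checksum tests (Luhn and ISO 13616 mod-97) so that look-alike digit runs are not flagged, then redacts confirmed hits the way a prompt filter would before submission. The function names, the simplified patterns and the sample text are assumptions made for the example.

```python
import re

# Candidate patterns: deliberately broad, narrowed by checksum validation below.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")

def luhn_ok(digits: str) -> bool:
    """Luhn check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)   # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def iban_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: move the first 4 chars to the end, letters -> 10..35."""
    if not 15 <= len(iban) <= 34:
        return False
    rearranged = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1

def scan(text: str):
    """Return (type, start, end) for every checksum-valid match, in text order."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(("CARD", m.start(), m.end()))
    for m in IBAN_RE.finditer(text):
        if iban_ok(m.group().replace(" ", "")):
            hits.append(("IBAN", m.start(), m.end()))
    return sorted(hits, key=lambda h: h[1])

def redact(text: str) -> str:
    """Replace each finding with a typed placeholder, working right to left."""
    for kind, start, end in reversed(scan(text)):
        text = text[:start] + f"[REDACTED:{kind}]" + text[end:]
    return text

# Constructed sample prompt: a test card number, an example IBAN, and a
# 16-digit order reference that matches the card regex but fails Luhn.
SAMPLE = ("Refund card 4111 1111 1111 1111 to IBAN DE89 3704 0044 0532 0130 00, "
          "order ref 1234 5678 9012 3456.")

if __name__ == "__main__":
    print(scan(SAMPLE))
    print(redact(SAMPLE))
```

The order reference stays untouched because it fails the Luhn check; a regex-only policy would have flagged it.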

For regulated European organizations, DLP is not optional: GDPR Art. 32 requires appropriate technical measures against unauthorized disclosure; NIS2 Art. 21(2)(h) explicitly lists cryptography and access control; DORA Art. 9(2) requires protection of ICT systems from information leakage; and ISO 27001:2022 Annex A 8.12 is titled literally 'Data leakage prevention' and is a new control added in the 2022 revision.

Common DLP implementation failures include: overly broad policies that generate alert fatigue and push teams to disable the tool, lack of sensitivity labels on documents, no clear remediation workflow (who reviews DLP alerts and how fast?), and gaps between endpoint and cloud coverage. A well-run DLP program produces a declining trend of false-positive alerts as classifiers and labels mature, clear MTTR metrics for reviewed incidents, and evidence that blocks successfully prevent exfiltration.

Matproof integrates with DLP tooling signals (Microsoft Purview, Netskope, Zscaler) and maps DLP-related controls to GDPR Art. 32, NIS2 Art. 21, DORA Art. 9, ISO 27001 A.8.12 and the SOC 2 Confidentiality criterion, so a single DLP investment satisfies all frameworks in one evidence pipeline.
