
What Are Compliance Presets?

Curated entity selections aligned with regulatory frameworks

A compliance preset is a pre-configured selection of PII entity types designed to detect data categories mandated by specific privacy regulations. Instead of manually selecting hundreds of entity types, presets let you scan using a single framework.

GDPR (EU)

28 entity types for EU data protection

HIPAA (Healthcare)

18 entity types for health data

PCI-DSS (Payments)

12 entity types for card data

CCPA (California)

25 entity types for CA residents

Major Compliance Frameworks

The four most important regulatory frameworks with comprehensive PII detection

🇪🇺 GDPR

EUROPEAN UNION

General Data Protection Regulation covering all EU/EEA residents and anyone processing personal data in the EU.

Entity Types: 28
Applicable To: 27 EU/EEA
Recommended For: All EU users

Detects: email addresses, phone numbers, IBANs, IBAN checksums, national IDs, tax IDs, passport numbers, driver licenses, and more.

๐Ÿฅ HIPAA

HEALTHCARE (US)

Health Insurance Portability and Accountability Act for healthcare providers, insurers, and business associates in the USA.

Entity Types: 18
Focus Areas: Health data
Use With: PCI-DSS (if billing)

Detects: medical record numbers, insurance provider IDs, health plan identifiers, patient account numbers, and related PHI.

💳 PCI-DSS

PAYMENTS

Payment Card Industry Data Security Standard for organizations processing credit/debit cards.

Entity Types: 12
Critical Entities: Card #, CVV
Compliance Level: Mandatory

Detects: credit card numbers, CVV/CVC codes, card holder names, expiration dates, magnetic stripe data, and related PAN data.

🇺🇸 CCPA

CALIFORNIA

California Consumer Privacy Act protecting privacy rights of California residents, with broader applicability to all similar state laws.

Entity Types: 25
Covers: 9+ US states
Scope: Consumer data

Detects: SSNs, driver license numbers, passport IDs, email addresses, phone numbers, biometric data, and personal identifiers.

Regional & Country-Specific Presets

20+ presets for localized privacy regulations and data protection laws

In addition to major frameworks, piisafe.eu supports country and region-specific presets that account for local ID formats, tax systems, and privacy laws.

🇩🇪 Germany (DE)

IBAN, Steuer-ID, Personenkennziffer

Specialized detection for German tax IDs and social security numbers

🇫🇷 France (FR)

SIRET, NIR, IBAN-FR

French SIREN/SIRET business numbers and national insurance numbers

🇬🇧 United Kingdom (UK)

NI Number, UK IBAN, DPA/UK-GDPR

National Insurance numbers and post-Brexit UK data protection

🇮🇹 Italy (IT)

Codice Fiscale, IBAN-IT

Italian fiscal codes and regional privacy compliance

🇪🇸 Spain (ES)

DNI, IBAN-ES, LOPD

Spanish national IDs and LOPD compliance detection

🇨🇭 Switzerland (CH)

AHV, IBAN-CH, FedPIC

Swiss social security and cantonal data protection laws

🇦🇹 Austria (AT)

SV-Nummer, IBAN-AT

Austrian social security numbers and DSG compliance

+ 15 More Regions

NL, BE, SE, NO, DK, FI, PL, CZ, PT, GR, and more

Complete coverage of European and major international markets

Preset Comparison Matrix

Complete overview of entity coverage across major frameworks

| Entity Type | GDPR | HIPAA | PCI-DSS | CCPA |
|---|---|---|---|---|
| EMAIL_ADDRESS | ✓ | ✓ | – | ✓ |
| PHONE_NUMBER | ✓ | ✓ | – | ✓ |
| CREDIT_CARD | ✓ | – | ✓ | ✓ |
| IBAN | ✓ | – | – | – |
| SSN (Social Security) | – | – | – | ✓ |
| NATIONAL_ID | ✓ | – | – | ✓ |
| TAX_ID / Steuer-ID | ✓ | – | – | – |
| PASSPORT_NUMBER | ✓ | – | – | ✓ |
| DRIVER_LICENSE | ✓ | ✓ | – | ✓ |
| MEDICAL_RECORD_NUMBER | – | ✓ | – | – |
| CVV / CVC (Card Security) | – | – | ✓ | – |
| LOCATION / ADDRESS | ✓ | ✓ | – | ✓ |

Note: Entity coverage may vary between cloak.business (320+ entities) and anonym.legal (285+ entities). Consult your API provider's documentation for complete lists.

Which Preset for Your Industry?

Industry-specific guidance on selecting the right compliance framework

๐Ÿฅ Healthcare & Pharmaceutical

Primary Preset: HIPAA (for US/international) + regional presets

Healthcare providers, insurers, and business associates must comply with HIPAA. If operating in EU, combine HIPAA with GDPR. Use anonym.legal's medical entity detection for diagnosis codes and prescription patterns.

Example: HIPAA + GDPR + DE (if treating German patients)

๐Ÿฆ Finance & Banking

Primary Presets: PCI-DSS + GDPR + CCPA (if US-based)

Any organization handling payment cards must use PCI-DSS. Banks and fintech must also comply with GDPR (EU customers). Include CCPA if serving California or other US states with similar laws.

Example: PCI-DSS + GDPR + CCPA (for global coverage)

๐Ÿ›๏ธ E-Commerce & Retail

Primary Presets: GDPR (EU customers) + CCPA (US customers) + PCI-DSS (if processing payments)

Retailers must balance EU (GDPR) and US (CCPA) compliance. If collecting payment information directly, PCI-DSS is mandatory. Many retailers use third-party payment processors (which handle PCI-DSS) but still need GDPR + CCPA for customer emails, phone numbers, etc.

Example: GDPR + CCPA (if international), GDPR-only (EU-only)

๐Ÿข SaaS & Software

Primary Presets: GDPR + CCPA + regional presets (for international users)

SaaS platforms process user data across multiple regions. GDPR is essential for any EU users. Add CCPA for California users, and region-specific presets for each supported country. Consider HIPAA if any healthcare customers exist.

Example: GDPR + CCPA + UK (British users) + DE (German users)

📰 Media & Publishing

Primary Presets: GDPR + CCPA + regional presets

Publishers handling subscriber/reader data must comply with GDPR (EU readers) and CCPA (US readers). Be especially vigilant for data leakage in article metadata, author bios, and comment systems where PII can accidentally appear.

Example: GDPR + CCPA (scan for exposed author emails, reader phone numbers)

๐ŸŒ Global/International

Primary Presets: GDPR baseline + all relevant regional presets

Organizations operating globally must use GDPR as the baseline (most comprehensive), then add regional presets for each market. GDPR is often sufficient alone, but region-specific presets catch local ID formats and tax numbers you might otherwise miss.

Example: GDPR + UK + DE + FR + ES + IT + CH (for Western Europe)

Customizing Presets

How to modify presets for your specific compliance needs

Step-by-Step Customization

  1. Select Your Base Preset

    Choose a primary framework (GDPR, HIPAA, PCI-DSS, CCPA) that best matches your main regulatory obligation. This ensures you cover mandatory entity types.

  2. Add Regional Context

    If operating in multiple regions, add country-specific presets (DE, FR, UK, IT, etc.) to detect local ID formats, tax numbers, and regional entity types.

  3. Include Complementary Frameworks

    Combine related presets: GDPR + HIPAA (healthcare in EU), PCI-DSS + GDPR (payments in EU), HIPAA + CCPA (healthcare in California).

  4. Exclude Non-Relevant Types (Optional)

    If a preset detects entities irrelevant to your business (e.g., IBAN detection for a US-only payment processor), you can manually exclude them via the scanner UI.

  5. Set Detection Threshold

    Adjust confidence thresholds: Strict (fewer false positives), Balanced (recommended), or Permissive (catch more potential matches). Export results for review.

  6. Test & Document

    Run a test scan on a sample page, review detected entities, adjust if needed. Document your custom preset selection for compliance audits.

💡 Tip: Multi-Preset Scanning

The scanner allows you to select multiple presets in a single scan. For example, you can check GDPR + PCI-DSS + CCPA simultaneously to verify compliance across all frameworks at once.

This is more efficient than running three separate scans and produces a consolidated report with all detected entities ranked by regulatory relevance.
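The sketch below is an added example, not piisafe.eu's or either API provider's code. It shows multi-preset scanning with an exclusion list and checksum-validated regex matches, tagging each finding with the selected frameworks that cover it. The preset membership is copied from the comparison matrix above; the regexes, function names, and sample text are assumptions made for illustration.

```python
import re

# Entity -> framework membership copied from the comparison matrix (subset of rows).
PRESETS = {
    "GDPR": {"EMAIL_ADDRESS", "CREDIT_CARD", "IBAN"},
    "HIPAA": {"EMAIL_ADDRESS"},
    "PCI-DSS": {"CREDIT_CARD"},
    "CCPA": {"EMAIL_ADDRESS", "CREDIT_CARD"},
}

def luhn_ok(candidate: str) -> bool:
    """Luhn check: rejects digit runs that merely look like card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def iban_ok(candidate: str) -> bool:
    """ISO 13616 mod-97 check: move 4 chars to the end, letters A=10..Z=35."""
    rearranged = candidate[4:] + candidate[:4]
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1

# Assumed patterns for illustration; a production scanner needs stricter ones.
DETECTORS = {
    "EMAIL_ADDRESS": (re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), lambda s: True),
    "CREDIT_CARD": (re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), luhn_ok),
    "IBAN": (re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"), iban_ok),
}

def scan(text, presets, exclude=()):
    """Union the selected presets, drop exclusions, return validated findings."""
    wanted = set().union(*(PRESETS[p] for p in presets)) - set(exclude)
    findings = []
    for entity in sorted(wanted):
        pattern, validate = DETECTORS[entity]
        for match in pattern.finditer(text):
            if validate(match.group()):
                regs = sorted(p for p in presets if entity in PRESETS[p])
                findings.append((entity, match.group(), regs))
    return findings

# Constructed sample: one valid and one checksum-invalid IBAN and card number.
SAMPLE = ("Contact billing@example.com, pay to DE89370400440532013000 "
          "(not DE89370400440532013001). Card 4111 1111 1111 1111, "
          "order ref 4111111111111112.")
```

Calling `scan(SAMPLE, ["GDPR", "PCI-DSS"])` returns three findings; the checksum-invalid IBAN and card number are dropped, which is the false-positive reduction a pattern-only match would miss.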

API Provider Coverage

How many presets each API provider supports

cloak.business

27

Presets (enterprise tier)

  • ✓ All 4 major frameworks
  • ✓ 20+ regional presets
  • ✓ 320+ total entity types
  • ✓ ML + Regex hybrid
  • ✓ Image OCR detection

anonym.legal

24

Presets (starter tier)

  • ✓ All 4 major frameworks
  • ✓ 18+ regional presets
  • ✓ 285+ total entity types
  • ✓ Regex-based detection
  • ✓ Chrome extension support

All presets are available in piisafe.eu, whether you use the cloak.business or the anonym.legal API. The scanner supports both providers' preset catalogs, so you can choose based on your budget and feature requirements.

Frequently Asked Questions

Common questions about compliance presets

What's the difference between presets and custom entity selection?

Presets are pre-configured, curated selections aligned with regulatory frameworks; they ensure you're checking for the right types of PII for your compliance obligations. Custom entity selection gives you granular control but requires expertise to know which entities are relevant to your regulation. For most users, presets are recommended.

Can I combine multiple presets in one scan?

Yes. You can select multiple presets simultaneously (e.g., GDPR + HIPAA + PCI-DSS). The scanner will check for all entity types across selected presets and generate a unified report showing which regulations each detected entity impacts.

Which preset is most comprehensive?

GDPR is typically the most comprehensive for generic PII detection (28+ entities). However, the "most comprehensive" preset depends on your needs: use HIPAA for health data, PCI-DSS for payments, CCPA for consumer privacy. For maximum coverage, combine GDPR + HIPAA + PCI-DSS + CCPA.

Do I need to use every applicable preset?

Not necessarily. Start with your primary regulatory obligation (GDPR if EU-based, HIPAA if healthcare, PCI-DSS if payments). Add regional presets only if you operate in those regions or serve those customers. This focuses your scan on relevant data types and reduces false positives.

What if a preset detects false positives?

Adjust the detection threshold to "Strict" mode, which increases confidence requirements. Review false positives in your export (HTML, JSON, CSV) and note them for your compliance documentation. Some presets have optional entity types you can exclude if not relevant to your business.

Are presets legally binding for compliance?

Presets are designed to align with regulatory frameworks, but they're not a substitute for legal advice. A preset detects entities mandated by a regulation, but compliance is broader: it includes data handling, consent, retention, and security practices. Use presets as part of a comprehensive compliance program, not as the only requirement.

How often are presets updated?

Presets are updated when regulations change or new entity types are identified. piisafe.eu automatically uses the latest preset definitions from cloak.business/anonym.legal. You'll be notified if a preset's scope changes significantly.

Can I export my custom preset configuration?

Custom preset selections are saved in your browser's localStorage and can be re-used across scans. To share or document your configuration, export your scan results (which include selected presets) as JSON or CSV.

Infrastructure & Compliance Assurance

How piisafe.eu ensures compliance scanning integrity

🇩🇪 German Infrastructure

All scans are processed in Germany (Hetzner). Data never leaves EU infrastructure, ensuring GDPR Article 44 compliance (no third-country transfers).

🔒 ISO 27001 Certified

piisafe.eu's infrastructure is ISO 27001 certified, ensuring rigorous information security management and audit compliance.

💾 Zero Data Storage

Scan results are delivered directly to your browser. No results are stored on servers. This is zero-knowledge architecture by design.

🎯 Deterministic Detection

Regex-based pattern matching ensures reproducible, consistent results, which is critical for compliance audits where you need provable, repeatable evidence.

📄 Audit-Ready Reports

Export results as HTML, JSON, or CSV with full preset and configuration details for documentation, regulators, and auditors.

🔄 Preset Versioning

Each scan records the preset version used, ensuring you can prove your compliance baseline was current at the time of scanning.

Start Your Compliance Scan Today

Select your regulatory preset, configure your scan, and get PII detection results in under 60 seconds. No registration, no credit card.
