This text is machine translated.
Why should documents be disposed of in the shredder?
Important regulations for companies: DIN 66399, DSGBO, BDSG, retention periods
What documents need to be shredded?
Shredder: was it important
Care: Do shredders need to be oiled?
Why should documents be disposed of in the shredder?
Documents containing sensitive, confidential or proprietary data should be shredded with the shredder for a simple reason: Data misuse. Whether it's a personal credit card, customer data, or tax records, full names, birth dates, signatures, and account information invite criminals to the data collection. In the meantime, it makes a lot of money. In the private sector, it is possible to clear accounts, use the e-mail address for spam mails or misuse your identity. In the business environment, damage to reputation, loss of customers, or financial damage may result.
Important regulations for companies
Individuals can largely decide themselves whether to destroy CDs containing important data, DVDs, credit cards or tax documents with a shredder. However, it is recommended to protect your own data.
A different legal situation applies to companies. You are obliged to destroy certain documents. The basis for this obligation is as follows:
The DIN standard 66399 specifies a precise framework for companies which documents must be included in the paper shredder. However, the destruction process should remain within reasonable cost and labor limits. The classification of the data into protection classes and security levels as defined in the standard helps.
Protection classes and safety levels according to DIN 66399
First, documents are classified using the three protection classes. The security levels define the type of documentation and the effort that would be required for its reconstruction.
Normal protection requirement for internal data. Unauthorized disclosure or disclosure would have a limited negative impact on the Company. Includes security levels 1 to 3.
High protection requirements for confidential data. Unauthorized disclosure or disclosure would have a significant impact on the Company and could violate any contractual obligations or laws. Includes security levels 3 to 5.
Very high protection requirements for particularly confidential and secret data. Unauthorized disclosure or disclosure would have a serious impact on the Company and/or would violate trade secrets, contracts and laws. Includes security levels 4 to 7.
|Protection class||Safety level||Application||Possible reproduction of the data||Cutting type|
|1||1||Recommended for data carriers with general content, e.g. private documents, catalogs.||Can be used without tools and expertise.||Strip cut or particle cut|
|1||2||Recommended for data carriers with internal data, e.g. for internal company communication.||With tools and special time required.||Strip cut or particle cut|
|1/2||3||Recommended for data carriers with sensitive and confidential data, e.g. sales evaluations, tax documents, personal data.||Only possible with considerable effort in terms of persons, aids and time.||Strip cut or particle cut|
|2/3||4||Recommended for data carriers with sensitive and confidential data, such as balance sheets, salary statements, employment contracts, personnel files.||Only possible with the use of commercial-unusual equipment and special constructions.||Shreds into bits|
|2/3||5||Recommended for data carriers with data to be kept secret, e.g. competitive analyzes, process documents, research documents.||By the state of the art unlikely.||Shreds into bits|
|3||6||Recommended for data carriers with data to be kept secret if exceptionally high security precautions are to be observed, e.g. patents, construction plans.||Impossible according to state of the art technology.||Shreds into bits|
|3||7||Recommended for data carriers with data to be kept strictly confidential if the highest security precautions are to be observed, e.g. intelligence or military information.||Impossible according to the state of technology and science.||Shreds into bits|
In order to make data destruction meaningful and time-saving, the documents to be shredded should be separated according to security levels. If this does not work, the documents should be destroyed according to the higher security level. This avoids shredding documents inadequately.
Strip cut for low safety levels.
Particle cut is suitable for all safety levels.
Classification of the material
As a rule, sensitive data is not only on paper, but also on a variety of different media. This is also to be observed in the sense of DIN 33699-1 . Shredders that can destroy the corresponding data media are marked with a letter after which the security level follows. For example, O-1.
|Abbreviation||Information presentation||For example|
|P||Original size||Paper, film, print forms|
|F||Reduced shape||Microfilm, film|
|O||Optical data carriers||CD, DVD|
|T||Magnetic Storage Media||ID cards, floppy disks|
|H||Hard disks with magnetic data carrier|
|E||Electronic data carriers||USB sticks, chip cards, semi-conductor hard disks, memory cards|
The storage density or the size of the information display depends on the type of data medium. For example, there is relatively little information on a sheet of paper. In comparison, chip cards with their memory cells or CDs with their data tracks store significantly more data on a smaller area. In order to effectively destroy the data, the material particles cut by the shredder must be correspondingly small at a high storage density in order to prevent a reconstruction. The material classification and the security level can be used to determine the size of the material particles. For example:
|Safety level||P (True Size)||O (optical media)||H (hard disks with magnetic data carrier)|
|1||Material particle surface max. 2,000 m² or strip width max. 12 mm||Material particle surface max. 2,000 mm²||Hard disk mechanically/electronically inoperative|
|2||Material particle surface max. 800 mm² or strip width max. 6 mm||Material particle surface max. 800 mm²||Disk damaged|
|3||Material particle surface max. 320 mm² or strip width max. 2 mm||Material particle surface max. 160 mm²||Data carrier deformed|
|4||Material particle surface max. 160 mm²||Material particle surface max. 30 mm²||Data carrier divided and deformed more times and material particle surface max. 2,000 mm²|
|5||Material particle surface max. 30 mm²||Material particle surface max. 10 mm²||Data carrier divided and deformed more times and material particle surface max. 320 mm²|
|6||Material particle surface max. 10 mm²||Material particle surface max. 5 mm²||Data carrier divided and deformed more times and material particle surface max. 10 mm²|
|7||Material particle surface max. 5 mm²||Material particle surface max. 0.2 mm²||Data carrier divided and deformed more times and material particle surface max. 5 mm²|
GDPR (Data Protection Basic Regulation)
The basic European Data Protection Regulation prohibits companies from processing personal data of customers and employees, i.e. their storage and processing. If there is no expressly permitted, legally regulated exception to the use of the data, the collected data must be destroyed or deleted. These procedures must be documented internally. In the context of document destruction, the GDPR refers to DIN Standard 66399.
BDSG (Federal Data Protection Act)
The Federal Data Protection Act defines the deletion of data as the "making of stored personal data unknown" (§3 para. 4 point 5). The Federal Data Protection Act does not prescribe how the destruction process is to take place. However §, 9 and §11 regulate the technical and organizational measures as well as the general conditions that must be observed when commissioning third parties for data collection.
The shredder must not be used until the prescribed storage periods have expired. This applies not only to companies, but also in some cases to private individuals. As a rule, the time limits for companies§§§ are noted in the Commercial Code ( 238, 257 and 325 HGB) and in the Tax Code ( 147 AO):
- Six years of commercial letters, business papers and documents of commercial and fiscal importance are to be kept.
- Ten years of retention apply, for example, to commercial books, inventories, opening balances, management reports, consolidated financial statements, incoming and outgoing invoices and accounting documents.
- Private individuals are required to cancel invoices and receipts for taxable services for two years. This includes documents on technical and structural services at your own property or in your own home.
Which documents must/should be shredded?
It is important to note that it is not only employees who are in the office who are shredding documents. This must also be possible in the home office. Here, an attachment shredder or a shredder with a small collection container is sufficient. The security level is also important here.
Shredder: was it important
In order to find the right shredder, the technical characteristics are important in addition to observing the safety-relevant features.
Depending on the amount of data media to be destroyed, it is particularly appropriate for paper documents that several sheets can be shredded at once. Up to eight sheets are possible with many devices.
The size of the collection container that collects the disk snippets also depends on the quantity. The container should be of sufficient size to avoid emptying it too often. For private households or small offices that only shred occasionally, small collection containers of 4 or 7 liters are sufficient. Open-plan offices, where the shredder is used daily by several people, prefer to use a device with a collection container of 100 or 120 liters.
Type of media:
Which disks should be destroyed? Are they paper sizes only, or are they CDs, DVDs, or credit cards? For this purpose, there are combined document shredders that can process various media.
In addition, some paper shredders can destroy staples or paper clips, so that stapled papers do not have to be separated laboriously first.
Shredders with security levels 1, 2 and 3 usually use the strip cut, in which the paper is cut into long, narrow strips. The strips are up to approx. 7 mm wide. The cutting performance is higher for devices with strip cut than for devices with particle cut. They destroy the data media in less time.
When particle cutting, or cross-cutting, the data carrier is cut lengthwise and crosswise, so that small particles are formed. The size of the particles depends on the security level in which the shredder is placed. In general, this form of destruction is considered safe and suitable for documents with a high level of confidentiality (security levels 3 to 7).
The noise level of the shredder, which can reach the volume of a vacuum cleaner on some devices, is not to be underestimated. That bothers the other colleagues - especially when much is shredded. For this reason, a quiet device of around 50 dB is recommended in larger offices.
Care: Do shredders need to be oiled?
Especially when document shredders are running regularly, the two cutting rollers running mechanically against each other wear out over time. As soon as the appliance makes unusual noises, it should be re-oiled. If the appliance is used regularly, oil once a week is sufficient. Regular cleaning with oil is particularly recommended for particle cutting. This allows particles to be removed that have caught in the cutting rollers.
A range of products are available, such as oil paper and oil from the bottle.
Oil paper: This A4-size paper is placed in the shredder like a normal paper and crushed by the cutting rollers. Cutting releases the oil and lubricates the cutting rollers evenly. Some manufacturers recommend that after shredding the oil paper, reverse the shredder gear to distribute the oil even better.
However, oil paper can only be used if the cutting rollers are not yet blocked.
Oil: If you use oil from the bottle, you need a quiet hand and some experience. Too much oil can damage the device, too little oil does not help against wear. Tip: Apply the oil to a normal sheet of paper and use it like an oil paper. This ensures an even oil film on the cutting rollers.