Is your paper shredder GDPR compliant?
- julieconway18
- Apr 10, 2018
- 3 min read
We often get asked by businesses how best to dispose of paper waste, which may contain sensitive information, and so we have compiled a guide to what the different levels of data destruction via shedding mean.
Firstly identify which protection class your business falls in to from the following Three Protection Classes:
(Three protection classes help to classify what level of protection you need for your data. This in turn helps you to identify what security level is appropriate for the destruction of this data).
· Protection Class 1 – Normal security requirement for internal data.
The unauthorised publication or distribution of data would have a negative but limited impact on the company. Protection of personal data must be ensured – otherwise there would be a risk to the position and financial situation of the persons affected.
· Protection Class 2 – High security requirement for confidential data.
Unauthorised distribution would have a considerable effect on the company and could violate legal obligations or laws. The protection of personal data must fulfil strict requirements – otherwise, there would be a considerable risk to the social standing and financial situation of the persons affected.
· Protection Class 3 – Very high protection requirement for particularly confidential and secret data.
Unauthorised distribution of paperwork would have serious consequences for the company (threatening its existence) and violate trade confidentiality obligations, contracts or laws. It is essential that the confidentiality of personal data is maintained. Otherwise there is a risk to the health and safety of the affected persons or a risk to their personal freedom.
Once you know which protection class you require you can use the list below to identify what security level you should look out for when looking for a GDPR compliant shredder.
Seven Security Levels
The previous DIN standard had five official security levels (a sixth ‘unofficial’ level was also sometimes referred to). However the new DIN 66399 has seven levels, with security level 1 being the largest particle size and level 7 being the smallest (and therefore most secure).
Each of the three protection classes has corresponding security levels:
Protection Class 1 – Security levels 1, 2, 3
Protection Class 2 – Security levels 3, 4, 5
Protection Class 3 – Security levels 5, 6, 7
The following are the recommended security levels for paper and other material/media:
Security Level P-1 – General documents (or other media) that need to be made illegible (shredded into at least 12mm wide strips or maximum particle size of 2000 mm²)
Security Level P-2 – Internal documents (or other media) that need to be made illegible (shredded into at least 6mm wide strips or maximum particle size of 800 mm²)
Security Level P-3 – Data that is sensitive, confidential or personal in nature (shredded into at least 2mm wide strips or maximum particle size of 320 mm²)
Security Level P-4 – Data that is highly sensitive, confidential or personal in nature (shredded into a maximum particle size of 160 mm²)
Security Level P-5 – Data that is secret in nature (shredded into a maximum particle size of 30 mm²)
Security Level P-6 – Data that is secret in nature where an exceptionally high level of security is required (shredded into a maximum particle size of 10 mm²)
Security Level P-7 – Data that is top secret in nature where the strictest level of security is required (shredded into a maximum particle size of 5 mm²)
Most shredders intended for home or personal use feature a security level between P-1 to P-4. If you are an individual looking to shred your own confidential data these levels (especially the higher ones) should be suitable in the vast majority of cases. As a general guide, levels P-5 to P-7 are for businesses and government departments who have highly sensitive or secret data to shred, although many businesses will use shredders with lower security levels when the data isn't that sensitive.
With this in mind go for a Level P-4 or higher when you purchase your next shredder to ensure you are in line with the EU standard.
While Level P-4 would work well for home based or very small businesses with no sensitive data, P-5 or higher would be recommended for larger businesses, depending on how much sensitive information you are processing, and the volume of shredding you will be doing.
Comments