Correctly destroying hard drives

The General Data Protection Regulation (GDPR), which came into force in 2018, deals not only with the protection of existing data, but also with its deletion in accordance with the law. This applies, of course, to all types of data carriers selected for the storage of personal data. In companies, hard drives are very often used as storage media for personal data. These hard drives must be destroyed in accordance with the GDPR regulations, just like the paper on which data is stored, for example.

If hard drives are used for the storage of personal, sensitive data, the same regulations apply for data destruction as for the destruction of other data carriers, for example paper or CDs. This means that data destruction, in this case destroying a hard drive, must comply with data protection laws. Just deleting a hard drive is not compliant with the GDPR and where there is data misuse, this can lead to drastic penalty payments.

Should it therefore be necessary to destroy a hard drive/data and the data it holds, you must be compliant with the GDPR regarding its destruction.

The solution for the correct destruction of data on a hard drive is therefore mechanical destruction!
Only the professional destruction of the hard drive using a shredder can ensure that the data on the hard drive is destroyed permanently, irretrievably and in accordance with data protection laws. However, the protection level required for the data and the corresponding security level of the shredder must also be taken into account here.

To further increase the security of the destruction, the data should be destroyed directly at the point of origin, within the company.

If a hard drive has been used as a storage medium for personal data, these can be deleted by erasing the data from the hard drive. However, this does not correspond to an irrevocable deletion. This means that simply deleting the data from the hard drive is not sufficient to destroy it, as it is possible to recover the deleted data at any time. Data can therefore still fall into the wrong hands.

Overwriting the data on the hard drive is not sufficient, because overwriting never destroys all the data and these data would therefore also be recoverable and could be read by unauthorized persons.

If you want to get rid of the data on a hard drive so that it is irrevocably destroyed, the data carrier, i.e. the hard drive itself, must be destroyed.

If companies decide to destroy a hard drive by trying to destroy it themselves, it must be pointed out that this usually does not destroy the data irretrievably. The destruction of the data on a hard drive by destroying the drive yourself, e.g. with a hammer, is not sufficient to protect the data from unauthorized persons. Experts are still able to save and restore the data even after the hard drive has been damaged by tools. In addition, it should be noted that there is a high risk of injury if someone tries to destroy a hard drive themselves.

Neither deleting the data on a hard drive nor destroying the hard drive oneself is enough to permanently and irrevocably destroy the sensitive data and thus protect it from being accessed by unauthorized third parties.

To destroy a hard drive in accordance with data protection, a shredder or media shredder should used, which is able to shred hard drives. You must ensure that the shredder has an adequate security level. The higher the data’s protection need, this means the more sensitive it is, the higher the shredder’s protective class should be.

Depending on the media shredder selected, the security level is H-3 or higher. The HSM Powerline hard drive shredders transform digital data media into very small particles, making recovery impossible. Secure, data protection compliant and economical.

If you would like to learn more about protection classes and security levels, please visit our page Protection Classes and Security Levels.

Or get in touch with us. Our experts will be happy to advise you.

 Discover HSM media shredders