Protecting data - GDPR-compliant document shredders

That the subject of data protection also includes the correct destruction of these data is regulated by law. Documents that are in non-digital form must also be destroyed in accordance with these legal requirements, such as files and documents on data carriers .
Despite these legal requirements, the use of document shredders with the wrong security level or neglecting to use a document shredder at all are still amongst the most common data protection gaps. Documents with personal data do not belong in a waste paper basket, but in a GDPR-compliant document shredder.

Which data have to be destroyed according to the GDPR?

Although the data protection regulations generally state that papers and documents in hard copy also have to be destroyed, this is not necessarily true for all documents. It depends on the data they contain. You really do not have to put every document through a document shredder, only those documents which contain data requiring protection. The GDPR states documents with personal data. According to the GDPR it is personal data which, above all, must be destroyed.

What are personal data?

According to the GDPR, it is particularly important to protect data which refer to a person. These are, above all, data which can be assigned to a natural person or which refer to a natural person. You will find a specific list of which details are considered to be personal data on our website. These are exactly the data which have to be destroyed in compliance with the GDPR.

What has to be observed regarding GDPR compliant document destruction?

There are several points to observe to ensure a GDPR compliant destruction of personal data. Most important is, of course, the use of a document shredder which meets the data protection requirements. If you use a document shredder which does not fulfil the data protection requirements, you have a data protection breach. This means that the data will not be destroyed in compliance with the GDPR. It is therefore vital to use a shredder which is GDPR compliant.

Which document shredder is GDPR compliant?

If files and documents contain personal data, their destruction in accordance with data protection laws must be carried out without fail. The use of a GDPR-compliant document shredder is recommended for this purpose.

But when is a document shredder GDPR compliant?

There are various security levels which document shredders meet - or don’t meet. The more sensitive the data are, the higher the security level of the document shredder should be to ensure data protection. A description of the different protection classes and security levels can be found on our site Security Levels and Protection Classes. A document shredder is GDPR compliant when it has a security level of at least P-4 (recommended by the HSM experts).

HSM therefore recommends a GDPR-compliant shredder with a security level of at least P-4. The amount of data to be destroyed and other criteria should also be considered when purchasing a suitable shredder.
For data with higher sensitivity, we recommend the purchase of a shredder with a higher security level. These levels are determined by ISO/IEC 21964 (DIN 66399).

With our product configurator, you can easily find the right document shredder for you to comply with data protection.

Comply with data protection - with GDPR-compliant document shredders from HSM

For GDPR-compliant data destruction HSM recommends document shredders at security level P-4 or higher, depending on the data protection requirements*.

When selecting the correct security level for the document shredder, please consider the type of data to be destroyed.For example, a doctor should use a shredder with a minimum security level of P-5 for sensitive patient data such as prescriptions. For a human resources department, on the other hand, it is recommended to use a document shredder with security level P-6, since this is where, for example, employee sick leave notifications are processed.

*Recommended by the HSM experts