1. HSM
  2. Shredding
  3. Other
  4. Information about data protection
  5. Professional Groups
  6. Document destruction for assistants
Sekretärin

Secure Document Destruction for Secretaries and Assistants –
Three Answers to Important Questions

Organization, coordination, documentation – executive assistants and secretaries deal daily with many sensitive business documents during their work – many of them still on paper or other analog media. When these are no longer needed, they must be disposed of carefully. But what needs to be considered when securely destroying documents?

Here you will find the answers to three frequently asked questions.

1. Which: business documents must be securely disposed of and why?

2. Who: is responsible for document destruction?

3. How: can documents be disposed of in compliance with data protection regulations?

1. Which business documents must be securely disposed of and why?

From the perspective of the General Data Protection Regulation (GDPR), personal data is particularly sensitive. This includes, for example, names, addresses, email addresses, account numbers, or information about trade union membership.

At the latest, when assistants and secretaries deal with HR or accounting, files containing such information will end up on their desks. It is then essential to ensure that unauthorized persons cannot access or view them. This also applies to documents that have already been sorted out. Otherwise, high fines may be imposed under the GDPR.

From a company’s perspective, many other business documents can also be considered sensitive, for example because they contain internal company information. Assistants and secretaries, due to their interface function and special position of trust with management, often handle particularly sensitive documents. When these are no longer needed or statutory retention periods have expired, they should be securely destroyed to prevent unauthorized access.

Find the Right Shredder
Dokument Übergabe

2. Who is responsible for document destruction?

The responsibility always lies with the company where the data originated. Some companies outsource document destruction to specialized service providers because they want to avoid the effort of disposal and believe that this also transfers responsibility for sensitive data. However, this is a misconception: in the event of a data protection violation, the original company remains liable under the GDPR. This applies even if the error clearly lies with the service provider. If sensitive business documents pass through many stages before destruction, the risk increases that someone along the chain may access them who should not. The consequences must then be borne solely by the original company.

3. How can documents be disposed of in compliance with data protection regulations?

Sensitive data that is no longer needed should ideally be destroyed directly on site. The fewer people, even internally, who have access to it, the lower the risk of data protection breaches. It is therefore recommended to provide a GDPR-compliant document shredder for every office. Secretaries or assistants, just like management, should have their own device at their workstation. All shredders must meet at least security level P-4, meaning they are suitable for highly sensitive, confidential, and personal documents. Such devices shred paper into so many pieces that reassembling it would only be possible with extraordinary effort. Depending on the model, they can also securely destroy other media such as CDs, transparencies, or USB sticks.

HSM_Sicherheitsstufen SECURIO.png