Data protection always has the highest priority - before and after the DSGVO

 

From 25 May 2018, the DSGVO - the new General Data Protection Regulation, which governs the handling of data throughout Europe, applies. But privacy is not new to businesses. Even before the DSGVO, the German Federal Data Protection Act (BDSG), which contained regulations on the handling of personal data, applied. The BDSG has now been adapted to the requirements of the GDPR, existing regulations have been expanded and new requirements added. We summarize some of the key points about privacy - because the maximum data security is our concern.

 

Why is privacy important?

 

Every company must have control and self-determination over their corporate data at all times - and be just as sensitive to customer and business information. In the event of data loss or even data theft, serious legal and economic consequences are threatened. This must be effectively prevented - both by legally compliant internal regulations and codes of conduct and by appropriate technical equipment. In the latter case, however, it is not just state-of-the-art IT security technology that plays a key role in countering attacks by hackers. Also the equipment with powerful shredders, which, in addition to paper, safely destroys data carriers such as CDs or credit and chip cards, is crucial for secure corporate data protection.

Who is responsible for data protection?


Companies with more than nine employees must appoint a Data Protection Officer (DSB). Smaller companies should check whether they meet any other requirements that make their own data protection officer necessary. In any case, an individual business and data protection specialist advice on the changes that accompany the GDPR is urgently recommended.

Keep files properly and destroy them safely.


Enterprises should not only have access to the building or the company premises, but also the regulation of internal access to certain areas is part of a modern security concept. Lockable filing cabinets and secure archive rooms, for example, effectively limit access to sensitive data - even if access to the keys is clearly regulated and made safe in everyday office life. Here, too, external consulting companies help to develop an individual concept for internal data access, including the necessary office equipment.

This also includes document shredders that reliably cover the company's need for security. Dahle offers a wide range of equipment for this, which covers all specifications and requirements for secure data destruction. When choosing the right document shredder, the protection requirements of the data to be destroyed should always be oriented. The higher the protection requirement of the data, the smaller the particle size of the data to be destroyed must be. More about protection classes and security levels can be found in the next paragraph. Incidentally, using the Shredder Configurator makes it easy to choose the right document shredder.

Collage aus drei verschieden fein geschredderten Unterlagen.

Destroy paper documents safely.

 

Printed documents are still the most common document form in business. For the secure destruction of these documents, DIN 66399 defines three protection classes, which are based on the protection requirements of the data:

  • Protection class 1: Normal protection requirement for internal data
  • Protection class 2: High protection requirement for confidential data
  • Protection class 3: Very high protection requirements for particularly confidential and secret data

Depending on the degree of protection, DIN 66399 specifies the level of security with which the data must be shredded in order to ensure data protection and to prevent data from being restored. Shredders should be optimized for the destruction of data on different media. Media include not only paper but also microfilm, transparencies, CDs / DVDs, ID cards, magnetic media and smart cards.

For the classic annihilation of "information representation in original size", such as on paper, DIN 66399 provides for 7 security levels:

P-1 general data / reproduction with time expenditure possible

  • Recommended for data media with general data
  • Material particle area max. 2000 mm² or strip width max. 12 mm


P-2 internal data / reproduction possible with a lot of time

  • Recommended for data carriers with internal data such as invoices, printouts, photocopies, notes that are to be made unreadable.
  • Material particle area max. 800 mm² or strip width max. 6 mm


P-3 sensitive, confidential, personal / reproduction possible with considerable effort

  • Recommended for media containing sensitive, confidential and personal information
  • Material particle area max. 320 mm² or strip width max. 2 mm


P-4 particularly sensitive / reproduction only with special equipment

  • Recommended for data carriers with particularly sensitive, confidential and personal data.
  • Material particle area max. 160 mm² or for regular particles: strip width max. 6 mm


P-5 secret content / reproduction unlikely

  • Recommended for data carriers with secret data
  • Material particle area max. 30 mm² and for regular particles: strip width max. 2 mm

 

P-6 secret data with high security / reproduction impossible

  • Recommended for data carriers with secret data, if exceptionally high security precautions are to be observed
  • Material particle area max. 10 mm² and for regular particles: strip width max. 1 mm


P-7 top secret data / reproduction impossible

  • Recommended for data carriers with data to be kept secret, if the highest safety precautions are to be observed
  • Material particle area max. 5 mm² and for regular particles: strip width max. 1 mm

 

What do I do if my data gets into the wrong hands?


It is advisable to prepare for any data leakage or theft in spite of all data protection measures implemented in the company. Because in the disclosure of personal data threaten the company according to the GDPR very high fines. Above all, the notification of data protection incidents to the responsible authorities within 72 hours is important. The internal responsibilities should already be clarified in principle, so that there are no unnecessary delays. Here, too, companies should receive timely and detailed advice in order to demonstrate a complete security concept.

Blaue Mappe mit der Aufschrift Datenschutz vor Tastatur.

The top 5 security measures for every company.

    1. Properly regulate and control the access to all company data.
    2. Create and build awareness of privacy and the consequences of violations of all employees (eg through training).
    3. Appoint a data protection officer.
    4. Not only the storage and use, but also the destruction and disposal of data and documents in accordance with the law.
    5. Do not tolerate any compromises or exceptions to data protection - only "Zero Tolerance" protects against serious consequences.

    Keep on the safe side: Dahle shredder.


    Thanks to German Engineering by Dahle, our document shredders offer optimum and long-lasting quality as well as reliable safety according to DIN 66399. First of all, the individual requirements for security level and performance are defined and then the right device selected from our range. In addition, the shredders with DAHLE CleanTEC® also provide protection against fine dust, which can significantly contribute to a healthier working atmosphere in the office, depending on the location.
    Find out more about Dahle Shredders now. 

    Sign up for the newsletter now!

    Our newsletter keeps you up to date every four weeks with the most exciting articles around office life. Get inspired. Register now for free and do not miss anything! (Your data will not be shared with third parties and you can unsubscribe at any time.)