With advancing technological developments, the correct and data protection-compliant disposal of devices and documents is an important task. Here we would like to present some key points on this topic.
- Hard disks: The disposal of hard disks requires special attention to ensure compliance with the ISO 27001 standard. We recommend professional data erasure by a certified service provider or the physical destruction of the hard disk. A company such as Deutsche Aktenvernichtung can be of assistance here. The data must be collected in sealed urns and handed over to the certified partner.
- Printed documents: Printed documents containing sensitive information should be disposed of with a partner certified by a destruction center. This ensures data protection-compliant processing and complete destruction of the information.
Normal shredders can also be an option. However, this depends on the internal classification or the legal status of the document in question. The shredding method must also be taken into account here. Here is a brief overview of which shredder is required and when.
Security level P-2 (strip cut):
Suitable for internal documents that do not require strict confidentiality.
Security level P-3 (cross cut):
Ideal for personal documents, confidential business documents and financial records.
Security level P-4 (particle cut):
Required for sensitive data, such as personal data in accordance with the GDPR, confidential documents and secret information.
Security level P-5 (particle cut):
Suitable for top secret materials, such as military data or secrets.
Security level P-6 (micro cut):
Recommended for highly sensitive data and applications where content recovery must be impossible.
- Drucker, Laptops, alte Telefonanlagen, Smartphones und Netzwerkhardware: Für diese Geräte sollten Sie einen zertifizierten Entsorgungsprozess nach ISO 27001-Norm durchführen. Dies umfasst die sichere Löschung aller gespeicherten Daten sowie eine angemessene Recyclingoption für die Hardware. Aber warum müssen wir bzw. Sie dies tun? Diese Geräte enthalten einen Datenspeicher. Die sensible Vernichtung von Datenträgern hört nicht bei Computern oder Servern auch. Vor allem über Drucker bzw. Scanner laufen viele hochsensible Daten. Hier können unter Umständen auch diese Daten rekonstruiert werden. Wenn ein Gerät über einen (zertifizierten) Partner entsorgt wird, kann man somit das Ausbauen solcher Bestandteile aus den entsprechenden Geräten umgehen.
We would like to emphasize that compliance with applicable data protection laws must always be ensured when disposing of technical equipment and sensitive documents. Our team will be happy to answer any questions you may have on these topics and provide support in implementing these procedures.
We hope that this information is helpful to you!