Protecting data - legal basis

The issue of data protection mainly concerns the protection of personal data. Particularly in the commercial environment, there has been a significant increase in the amount of personal data collected in recent years. In order to ensure that companies process, destroy and protect personal data correctly, the GDPR has regulated how companies must handle personal data since 2018.

Data protection - the most important points

A complete documentation and information obligation applies to the collection of personal data.

Chapter 3, Article 13, paragraph 1 GDPR, information obligation and right to information.
If personal data are collected, the person responsible must provide and guarantee complete documentation of the purpose, duration, storage and deletion of the data.

Chapter 3, Article 17, paragraphs 1 and 2 GDPR, right to erasure (right to be forgotten).
The persons responsible are obliged to delete the collected data immediately and completely if so requested. They must ensure that all links to these personal data or copies thereof are irrevocably destroyed. For exceptions, see paragraph 3, e.g. when fulfilling a legal obligation, such as processing of orders.

Chapter 4, Article 32, paragraph 2 GDPR, security of processing.

  • Technical and organizational measures to adequately protect natural persons. Personal data may only be processed on the instructions of a responsible person, and a confidentiality agreement must have been concluded.
  • A regular process to review the measures taken for data security.

More severe imposition of fines

Chapter 4, Article 33, paragraph 1 GDPR, notification of personal data breaches.
In the event of a violation regarding the protection of personal data, the person responsible shall immediately report the incident to the competent supervisory authority, in accordance with Chapter 6, Article 51.

Chapter 8, Article 83, paragraphs 4 and 5 GDPR, imposition of fines.
The framework of sanctions has been tightened considerably, and a fine of up to EUR 20 million or up to 4% of the previous year's worldwide turnover can be imposed in the event of a breach of the regulations.

GDPR-compliant destruction of personal data

Personal data which have been recorded in paper form must also be professionally destroyed. Disposal in a paper waste bin or even tearing the paper up beforehand is not sufficient in this case.

Be on the safe side ...
... and destroy personal documents where they are generated: directly at the workplace.

 

HSM provides the right solution for every security requirement. We help you to choose the right shredder. For GDPR-compliant data destruction, HSM recommends a shredder with a security level of at least P-4. More information on GDPR-compliant document destruction can be found here: GDPR-compliant document destruction: which shredders are suitable for this?

Here you will find more information on the subject of "data protection" or "protection classes and security levels".