1. HSM
  2. Shredding
  3. Other
  4. Information about data protection
  5. Professional Groups
  6. Destruction of data in administration

 

Bürgermeister

Destroying Documents in Administration –
Three Adjustments for GDPR-Compliant Processes

The requirements of the GDPR pose enormous challenges for district and city administrations: Almost every employee there works daily with confidential or personal documents. When these are no longer needed, they must be properly destroyed. If mistakes occur, not only high fines but also severe damage to reputation can result.

With these three measures, you can make document destruction in administration GDPR-proof.

1. How: Destroy documents internally in administration

2. Where: Destroy documents directly at the workplace

3. With what: GDPR-compliant devices for document destruction in administration

1. How: Destroy documents internally in administration

District and city administrations are responsible for ensuring that unauthorized persons do not gain access to their sensitive data – whether the data is currently being created or already scheduled for disposal. If data protection regulations are violated during document destruction, the administrations are always liable. It makes no difference whether the violation is committed by their own employees or by a service provider entrusted with disposal.

Such external disposal, however, means that sensitive documents pass through additional stations, increasing the risk that someone gains unauthorized access. For administrations, the safest option is therefore to destroy documents in-house using suitable devices. Moreover, the costs and effort involved in commissioning and supervising a service provider should not be underestimated.

 Find the Right Shredder
Dokument Übergabe

2. Where: Destroy documents directly at the workplace

Personal or otherwise confidential files that are no longer needed in city or district administrations should not be kept for an extended period or pass through unnecessary internal departments before being destroyed, for data protection reasons. The fewer people have access to them, the safer. Even internal mistakes or misunderstandings can easily lead to data protection violations.

Sensitive documents should therefore ideally be shredded immediately where they are generated. To achieve this, the administration must be equipped with a sufficient number of suitable document shredders. As a rule of thumb: one shredder per office and one centrally for the ID/passport area..

3. With what: GDPR-compliant devices for document destruction in administration

Document shredders for city or district administrations should have a security level of P-5 or higher according to DIN standard 66399 or ISO/IEC 21964 and be able to destroy ID documents in compliance with DIN standards in addition to paper.

For the destruction of passports, the new Passport Administration Regulation (PassVwV) requires the use of a shredder with security level E-4 / P-5 to ensure that the personalized chip is securely destroyed.

When selecting document shredders for administration, attention should also be paid to performance: appropriately equipped devices can reliably and in compliance with data protection regulations destroy large volumes of paper.

 

HSM_Sicherheitsstufen SECURIO.png