Shredder Security Levels

Classification levels

Identifying the sensitivity of data and assigning the classification level

In order for the destruction of data carriers to comply with the principles of economy and proportionality, the data contained on them shall be assigned a classification level. The security level which is chosen for the destruction of the data carriers is determined by the sensitivity of the data.

Classification level 1:
Normal sensitivity for internal data: the most common classification of information, intended for large groups of people. Unauthorized disclosure or transfer would have limited negative effects on the company. Protection of personal data shall be guaranteed. Otherwise there is a risk that persons affected may suffer damage to their reputation and economic circumstances.

Classification level 2:
Higher sensitivity for confidential data: the information is restricted to a small group of people. Unauthorized disclosure would have serious effects on the company and may lead to violation of laws or contractual obligations. The protection of personal data shall meet stringent requirements. Otherwise there is a risk that persons affected may suffer serious damage to their social standing or economic circumstances.

Classification level 3:
Very high sensitivity for confidential and secret data: the information is restricted to a very small group of persons, known by name, who are authorised to access it. Unauthorised disclosure would have serious, existence-threatening effects on the company and/or would lead to violation of trade secrets, contracts and laws. The protection of personal data shall be absolutely guaranteed. Otherwise, the life and safety of persons affected may be at risk, or their personal freedom may be jeopardised.

Assignment of classification levels and security levels see table below:

DIN 66399 protection classes

Table referenced from DIN66399.com