Source: HSM Shredders -

Find the full range of HSM shredders on our website by clicking the logo below:



Despite the legal obligation created by GDPR, using a shredder with an inappropriate security level or not using a document shredder at all are still amongst the most common data protection shortcomings. Documents with personal data should not be simply discarded, but must be shredded in a GDPR-compliant paper shredder.


Which data should be destroyed according to GDPR?

It is generally considered best practice to shred all documents in hard copy form to be on the safe side, but critically GDPR states documents with personal data must be shredded. According to the GDPR it is personal data which, above all, must be destroyed.

What are personal data?

According to GDPR, it is essential to destroy data which refer to a person. These are, above all, data which can be assigned to a natural person or which refer to a natural person. They are all individual pieces of information about the personal or factual circumstances of a person. For example:

• Name
• Age
• Address
• Marital status
• Body height and weight
• Phone number
• E-mail address
• Licence plate
• Health data
• Value judgments such as certificates
• Account number
• Personnel number
• Racial and ethnic origin
• Political opinions
• Religious or ideological beliefs
• Trade Union membership


What is best practice for GDPR compliant document shredding?

If you use a document shredder which does not meet data protection requirements, you may have a data protection breach. This means that the data will not be destroyed in compliance with GDPR. It is therefore vital to use a shredder which is GDPR compliant.


Which document shredders are GDPR compliant?

If files and documents contain personal data, their destruction in accordance with data protection laws must be carried out without fail. The use of a GDPR-compliant document shredder is recommended for this purpose.

But when is a document shredder GDPR compliant?

The old international standard DIN 32757 for shredder security levels was superceded by DIN 66399 some years ago.

The storage media containing our confidential data and information are now many and varied. Along with paper, the classic data medium, digital data media now also plays a major role. The DIN 66399 standard takes this diversity into account, and defines what security means for all our modern media.

DIN 66399 supercedes DIN 32757 and describes the requirements for machines and processes for shredding data media. The standard was developed by the Standards Committee for Information Technology and Applications (NIA).

The more sensitive the data are, the higher the security level of the document shredder should be to ensure data protection. You can find our guide to Security Levels here . At The Shredder Warehouse we recommend a minimum security level of P-4 to comply with GDPR. 


The amount of data to be destroyed and other criteria should also be considered when purchasing a suitable shredder and it should be borne in mind that although P-4 is the minimum level we recommend for GDPR compliance, a higher level of security may be needed for your own specific application.

Please feel free to call our expert team for guidance on this - 01225 690700