Significance of DIN 66399

Up to September 2012, DIN 32757 was applicable to the destruction of data carriers. However, this was highly generic and contained vague formulations, which meant that there were various ways of implementing the standard. To deliver definitive consistency, the standard was revised and DIN 32757 was replaced by DIN 66399.

DIN 66399 now contains clear provisions and rules, and therefore establishes uniformity. A wide variety of groups contributed to the definition and classification of the DIN standard: the process involved bodies such as machine manufacturers, the German Federal Office for Information Security and various document shredding service providers. DIN 66399 was published in October 2012. It was also elevated to an international standard under the abbreviation ISO 21964.



  • Value for money
  • Sustainable
  • Self-delivery
  • Comfortable
  • Regularly


Foundations of DIN 66399

The General Data Protection Regulation applies not only to data that is stored in your office, but also to data that you wish to dispose of. Confidential data can be found everywhere, and anyone who deals with such data must ensure that it is destroyed in accordance with data protection regulations.

According to DIN 66399, this means that data carriers containing personal data must be destroyed in such a way that their recovery is either impossible or only possible with special effort, i.e. with special tools or by specialist personnel. Distinctions are made here depending on the degree to which the information needs to be protected and the physical properties of the data carrier. A decision is made depending on the type of data and data carrier, and appropriate measures are taken.

grafik en haberling

Protection requirements and protection class

With regards to document destruction, data is divided into different protection classes to take into account the economic efficiency and the need for protection. The degree to which the data requires protection determines the choice of protection class and security level. The classification establishes the organisational measures that must be implemented in the area of document destruction, in order to comply with the corresponding protection classes.

The need for protection, the protection classes, security levels and the precise organisational measures are always determined by the "data controller" or data owner.

The different protection classes

Protection class 1 – Normal sensitivity for internal data

This protection class applies to information that was intended for larger groups of people from the outset. If this type of data were to be compromised, the negative impact on the company would be limited. In the event of data protection violations, the affected party could only be slightly affected in their social position and economic circumstances.

Protection class 2 – High sensitivity for confidential data

Applies to information that is only intended for a smaller group of people from the outset. If data protection violations were committed here, they would have serious consequences for the company and could violate contractual obligations or laws. The affected party would therefore be significantly affected in their social position and economic circumstances.

Protection class 3 – Very high sensitivity for particularly confidential and secret data

Protection class 3 pertains to information that was intended from the outset for a very small group of persons specified by name. If data protection violations were to occur here, they would have existentially threatening consequences or would violate professional secrets, laws and contracts.

The security levels at a glance

Security level 1: General data – recovery with simple effort

Security level 2: Internal data – recovery with special effort

Security level 3: Sensitive and confidential data – recovery with considerable effort

Security level 4: Particularly sensitive and confidential data – recovery with exceptional effort

Security level 5: Data that must be kept secret – recovery with indefinable effort

Security level 6: Secret high-security data – recovery currently not technically possible

Security level 7: Top secret data – recovery impossible

The combination of protection classes and security levels

The table below contains the combinations of protection classes and security levels recommended by the DIN committee. The table clearly shows that the combination of a very low protection class with a very high security level and vice versa does not make sense from the perspective of the committee. The correct classification is always determined by the data owner, i.e. the data controller.

The assignment of protection classes and security levels

With the following table it is possible to assign the three protection classes and the security levels, although each case should be individually determined by means of a risk analysis. When dealing with data of different protection classes, the security levels and protection classes can be separated as applicable. However, if this is not possible then the data carriers must be destroyed according to the highest protection class and security level.

grafik en haberling2

Increasing the security levels

The destruction of files in large plants and the mixing and blending of large volumes of different data offers a significant increase in security. In such cases, DIN allows for a security level elevation whilst maintaining the same particle size. However, the security level can only be raised when information is displayed in its original size, only by one step and up to a maximum of security level 4. Thanks to our modern shredding plant and high process volumes, we satisfy this criterion.

Data carrier destruction process according to DIN 66399 SPEC

Part 3 of DIN 66399 (DIN 66399-3) is merely a "pre-standard" (SPEC). This means that it is not yet a fully-fledged DIN standard. Despite this, it is already treated as a standard in the commercial environment.

The destruction of data carriers is understood as a complete process in which the individual process stages are to be examined, safeguarded and implemented. The data owner, i.e. the data controller, is responsible until data destruction is complete. Once the agreed security level has been reached, the data is considered to have been deleted.

The entire process is usually divided up between the data controllers and external service providers. It is particularly important in this context to consider the delimitation of tasks and to define the organisational measures.

3 possible process variants exist here:

Variant 1:  Data carrier destruction by the data controller themselves
Variant 2:  Data carrier destruction by a service provider on site
Variant 3:  Data carrier destruction by an external service provider

Determination of the risk structure

After determining a process variant, it is necessary to check in advance whether the technical and organisational requirements of the corresponding protection class and security level are satisfied. When defining the protection class and security level, the data controller should answer the following questions: 

  • Which information is to be classified in which protection classes?
  • Which security level should be applied?
  • Which of the 3 variants should and can be selected?
  • Which technical and organisational measures should be defined for the overall process?


Certification according to DIN 66399

The DIN standard very precisely defines the conditions that must be present in a company in order to guarantee the corresponding protection classes and security levels. It is possible to certify the company and have compliance with the various provisions confirmed through the appropriate certification bodies. We hold a corresponding certificate, which you can find here.

haberling teaser qualitaet
Request form Icon Nachricht senden Callback service Icon Nachricht senden
haberling ansprechpartner team aktenvernichtung
Your contact

Document- and data carrier destruction

In cooperation with

Kooperation Mammut