Confidential documents are paper documents, computer media or other storage devices that contain personal data of a person, whether natural or legal.
This is often personal information such as political and religious views, sexual orientation, state of health, etc.: all information whose protection is regulated by a specific European regulation (EU Regulation 679 / 2016), which therefore obliges those who are entitled to process it to destroy it when the need (or obligation) to store it for the purposes of the processing itself ceases.
The destruction must take place correctly and effectively, so as to prevent the application of civil and criminal sanctions.
What the General Data Protection Regulation says
The introduction of EU Regulation 679 / 2016, first at European level and then at national level, has had a strong impact on organizational models and company procedures, as companies have had to pay more attention to the protection, storage and, ultimately, disposal of documents. The law focuses on the protection of data processed by the person authorized to process it, protecting the right to confidentiality and the right to be forgotten.
In the event of violation by the person authorized to process, store and destroy the data, the sanctions may be:
- administrative
- civil
- criminal
Each penalty is imposed depending on the circumstances and context in which the infringement was committed.
Administrative sanctions
Persons authorised to process the data who do not destroy it in accordance with current legislation, once the obligation or need to retain personal data has ended, risk heavy penalties. Administrative violations fall into two levels:
- The first level corresponds to a fine equal to 2% of the company’s global annual turnover in the previous year, or 10 million euros.
- The second level is equal to a fine of 4% of the company’s global annual turnover in the previous year, or 20 million euros.
Fines are imposed by the Data Protection Authority (the authority that exercises control activities).
Why it is necessary to rely on a specialized company for the disposal of confidential documents
As we have seen, the destruction of confidential documents (both paper and electronic) is decidedly important as the final phase of the cycle of management and processing of personal data.
It is therefore essential to entrust the destruction and disposal of the media to a qualified and specialized company, whose equipment and procedures meet the needs and regulatory obligations.
Furthermore, the responsibility of the person authorised to process data does not end when the media are destroyed: it continues in the subsequent phase, in which the obligation to treat the destroyed documents as special waste arises.
Specialized companies also provide important support to companies, advising, for example, on which media can be destroyed because they have exhausted their usefulness and which must be preserved because they have not.
They also have suitable equipment available to safely dispose of confidential media and archives, guaranteeing companies that use the service the appropriate protections in order to prevent offences such as:
- Corporate and industrial espionage;
- Identity theft;
- Blackmail.
Deleting data with the machinery of specialized companies guarantees the security needed to prevent such offences.
From 1 to 7: the security levels of this equipment
The GDPR has described a scale of security levels ranging from 1 to 7, in which 1 corresponds to basic protection while 7 is the highest. The classification was established on the basis of the size of the paper fragments produced by the machine:
- DIN P.1 and P.2 are the lowest levels, suitable for the destruction of documents that need to be made illegible but have very limited requirements. The cut is in strips, so the documents are potentially reconstructable.
- DIN P.3 is the moderate security level, suitable for the destruction of confidential documents. The cut is a fragment, and is therefore difficult to assemble and read.
- DIN P.4 is the second moderate security level, suitable for the destruction of particularly confidential documents. The cut is a fragment, smaller than at the previous security level, and is therefore extremely difficult to assemble and read.
- DIN P.5 is the high security level, suitable for the destruction of secret documents. The cut is a micro-fragment, and is therefore impossible to assemble and read.
- DIN P.6 and P.7 are the highest security levels, suitable for the destruction of documents of exceptionally high secrecy, such as documents from government offices. The cut is a super micro-fragment.
Paper documents and digital documents must be disposed of in different ways
Digital data is eliminated according to different procedures than paper, and the method of destruction is different.
It is useful to remember, for example, that simply deleting data from a computer or storage medium is not enough to permanently destroy the data itself. It is often necessary to provide for the physical destruction of the media.
Eurocorporation s.r.l. is a company specialized in the destruction and disposal of both paper and electronic media containing personal data, thanks to certified procedures at the end of which the destruction is certified in a controlled, secure and definitive manner.