DIN 66399, ISO 27001, NIST 800-88 and CA+: what about data destruction?

The destruction of confidential data has been an important issue for decades. In the paper era, it mainly involved archives, tax records, medical records and bank records. Destruction was done with paper shredders and later with certified archive destruction. During the Iranian revolution in 1979, images went around the world of Iranian schoolchildren sticking shredded paper documents together because they were only shredded into strips. So starting that year, paper shredders got better.

As digitization took off at the turn of the century, protecting and destroying digital data became just as important. After all, what do you do with the hard drive from an old server? Or that USB stick from the help desk?

Data destruction changed from something physical (paper) to something technical: shredding, erasure, de-magnetization and everything in between.

This created a need for clear rules. Standards, in other words. These came from different quarters:

  • Germany: DIN 66399 – a technical standard for how finely to shred
  • America: NIST 800-88 – a guideline for safe data disposal
  • International: ISO standards for quality assurance and information security
  • Netherlands: WEEELABEX – standards for responsible disposal of e-waste

By now, it is impossible to imagine doing without these standards.
For companies, it has long since ceased to be about “just wiping a hard drive,” but about demonstrable security, compliance, AVG-proof work and professionally responsible recycling.

And that’s exactly where we as IT recyclers come in.

🔹 DIN 66399 – Only a technical standard, not a certificate

DIN 66399 is a German technical standard that defines how large the particles should be after destruction of information carriers. There are different categories (P, H, T, E, etc.) depending on the type of media (paper, hard disk, tape, etc.), and within each category there are security classes (1 to 7) that say something about the fineness of destruction.

But note: DIN 66399 says nothing about how well or how safely you work as a company. There is:

  • No audit
  • No certification
  • No checking whether you really stick to it

Choosing the protection class is up to the customer, depending on how sensitive the data is.
So saying “destroys according to DIN 66399 H-5” only means:
👉 The pieces are smaller than 10 mm². No more, no less.

In IT recycling, we destroy:

  • Hard drives, tapes and telephones: as standard at H-5 level (max. 9 mm²)
  • Modern digital media such as USB sticks, CF cards, SIM cards, SD cards and SSDs: at E-6 or T-6 level, 2 mm fine, on site. We are the only one in the country that can do this.

That way you know exactly how thorough the physical destruction is.

Overview of DIN 66399 destruction levels

| Category | Application | Security levels | Maximum particle size | Note |
|---|---|---|---|---|
| P | Paper, microfilm | P-1 to P-7 | P-1: 12 mm strips; P-7: max. 5 mm² | For paper documents |
| H | Hard drives (magnetic) | H-1 to H-5 | H-5: max. 320 mm², max. 10 mm | H-5 = recommended for sensitive info |
| T | Magnetic tapes (e.g., backup tapes) | T-1 to T-5 | T-5: max. 10 mm² | Much the same as the H category in terms of requirements |
| E | Electronic storage media (USB, SSD) | E-1 to E-5 | E-5: max. 10 mm² | Also applicable to smartphones, SIM cards, etc. |
| F | Optical media (CD/DVD/Blu-ray) | F-1 to F-3 | F-3: max. 0.5 mm² | For extremely sensitive data |
| O | Film/microfiche | O-1 to O-6 | O-6: max. 0.2 mm² | Very specific for archival film |

🔹 ISO 27001 – Management system for information security

ISO 27001 is a true certification, with an annual external audit.
This standard is not about how big pieces are, but about how you handle information security in the broadest sense as an organization.

At IT recycling, we have ISO 27001 certification hanging on the wall.
The standard requires us to:

  • Analyze and manage risks
  • Learn from mistakes and incidents
  • Ensure business continuity
  • Establish and implement control measures
  • Document everything and evaluate it regularly

Because we destroy confidential data every day, ISO 27001 is largely about the risks surrounding data destruction and processing. It is the standard that demonstrates that you take information security seriously.

🔹 ISO 9001 and 14001 – Quality and environment

We are also ISO 9001 (quality) and ISO 14001 (environment) certified.
That means we are continuously working on:

  • Customer satisfaction
  • Efficient processes
  • Environmentally conscious processing
  • Complying with laws and regulations

The combination of these three ISO standards shows that, as a company, we work professionally, reliably and sustainably.

🔹 NIST 800-88 – The American standard

NIST 800-88 is a standard from the U.S. NIST (National Institute of Standards and Technology).
It deals exclusively with how to destroy data, both via software (erasure) and physically (shredding).

In the Netherlands, this standard is hardly known, and no one here is officially certified on it. Still, some customers ask about it, for example because they have read something on the Internet or because their parent company is in the US.

The fact is: our methodology exceeds NIST 800-88 in practice, thanks to our combination of:

  • ISO 27001 (information security)
  • Weeelabex (responsible disposal of e-waste)
  • DIN 66399 (technical implementation standard)

…we more than meet what NIST 800-88 requires, and in some respects go beyond it.
There are only a few minor details in the NIST standard where our approach differs, but they do not detract from the quality of our service.

🔹 CA+? Not applicable to us

CA+ is a seal of approval for paper archive destruction.
That means: secure transport, sealed containers, central processing.

We do not handle paper, nor do we transport confidential data.
We come on site with our mobile shredder and destroy the data carriers there under the customer’s supervision.

Therefore, CA+ is simply not suitable for IT recycling.
We are all about hard drives, SSDs, USB sticks, tapes and smartphones. Not boxes full of paper.

🔹 And of course: the AVG

The General Data Protection Regulation (AVG, the Dutch name for the GDPR) requires organizations to properly protect personal data, even when you want to delete it.

When you partner with IT recycling for data destruction:

  • You as a customer are fully AVG-proof with respect to the data carriers handed in
  • IT recycling acts as a processor of this data, under your responsibility
  • All data is irreversibly destroyed, under control and with supporting documents

IT recycling itself is more than compliant with the AVG:

  • We have an ISO 27001 system for information security
  • We process personal data only on behalf of customers
  • We keep a full processing record
  • We have a clear, up-to-date AVG statement on our website

That way you can be sure that everything is also legally sound.

What can you expect from us?

With each data destruction you receive:

  1. Certificate of data destruction
    • Who carried out the destruction
    • Who was responsible
    • Which method was used
    • According to which DIN 66399 category
  2. List of data carriers with serial numbers
  3. Environmental Certificate
    • Who carried out the recycling
    • Who the responsible person was
    • According to which environmental standards (ISO 14001, Weeelabex)
  4. Official transport documents (for waste streams)
  5. Invoice

This document set is sufficient for any auditor and meets the requirements of all common auditing bodies. No gray areas, no vague promises, just everything laid out in black and white.