DIN Standard 66399
DIN 66399 is now referenced as ISO/IEC 21964
DIN Standards are the result of work at the national, European, and international level. Proposals for new standards are submitted and, once accepted, the standards project is carried out according to set rules of procedure by the relevant DIN Standards Committee, the relevant Technical Committee of the European standards organization CEN (CENELEC for electrotechnical standards), or the relevant committee at the International Organization for Standardization, ISO (IEC for electrotechnical projects). DIN Standards are reviewed at least every five years. If a standard no longer reflects the current state of technology, it is either revised or withdrawn.
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), which together form the specialized system for worldwide standardization, established a joint technical committee, ISO/IEC JTC, in the field of information technology. In August of 2018, ISO/IEC JTC internationally standardized the terms and principles of the German Institute for Standardization’s DIN 66399 for the destruction of information technology data carriers. This standard, ISO/IEC 21964, is now referenced by organizations at an international level when referring to data destruction requirements. The materials referred to in its security levels are identical to those referenced in DIN 66399.
Three Protection Classes of DIN 66399 aka ISO/IEC 21964
The protection requirement of data is classified into three different classes. To determine the specific protection requirement and the resulting protection class, it is necessary to assess the type of data.
- Class 1 is for the normal protection required for internal data where disclosure would have a negative impact on a company or pose a risk of identity theft to an individual.
- Class 2 is for the higher protection required for confidential data where disclosure would have a considerably negative effect on a company or could breach its legal obligations, or pose a risk to the social or financial standing of an individual.
- Class 3 is for the very high protection required for confidential and top-secret data which, if disclosed, could have terminal consequences for a company or government entity, and pose a risk to the health and safety or personal freedom of individuals.