DIN 66399

DIN stands for Deutsches Institut für Normung, in English the German Institute for Standardisation.
It is a German national organization for standardization.
DIN is the German ISO member body.
There are around thirty thousand DIN standards, covering nearly every field of technology.

ISO/IEC 21964 (formerly DIN 66399); DIN 66399 (formerly DIN 32757)

Following the ISO/IEC 21964 standard is essential for preventing data breaches.

Material Categories:
The standard uses six material classifications to indicate the type of data carrier.
These are always used in combination with a security level, e.g. P-3 or H-6.
P – Paper and printed materials (e.g. documents, books)
F – Film-based materials (e.g. microfilm, microfiche)
O – Optical media (e.g. CDs, DVDs, Blu-ray)
T – Magnetic tapes (e.g. cassettes, ID badges)
H – Hard drives with magnetic storage
E – Electronic storage devices (e.g. USB sticks, memory cards)

Protection Class 1 – Normal Protection
This class applies to internal or general data, which is often accessible to large groups within an organisation.
Example data: Internal memos, general administrative records
Impact of breach: Low; may cause limited damage to the organisation
Personal data: Still requires protection to prevent risks to individuals’ privacy or financial well-being
Security levels included:
Level 1: General documents. Low security; for non-sensitive material.
Level 2: Internal documents. Basic protection for internal use.
Level 3: Sensitive or confidential data. Includes personal data and other private information.

Protection Class 2 – High Protection
This class covers confidential data accessed by a smaller group of authorised individuals.
Example data: HR files, customer data, contracts
Impact of breach: Moderate to high; unauthorised disclosure could violate laws or contracts and cause significant harm to the organisation
Personal data: Must meet stricter protection standards due to potential financial or social impact
Security levels included:
Level 4: Particularly sensitive or confidential data. Stricter shredding requirements.
Level 5: Secret data. High-level destruction needed.

Protection Class 3 – Very High Protection
This class is for highly sensitive or secret data, limited to only a few authorised individuals.
Example data: Government documents, classified business plans, medical records
Impact of breach: Severe; could lead to legal violations, safety risks, or threats to individual freedoms
Personal data: Requires maximum protection due to potential impact on health, safety, or personal freedom
Security levels included:
Level 6: Highly secret data. For sensitive operations or protected sectors.
Level 7: Top secret data. Maximum security; smallest possible particle size.

The official DIN 66399 / ISO/IEC 21964 standards are copyrighted; this workbook is a public-source operational summary, not a certified copy of the standard.
The protection class to security level mapping is a guide.
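
Added example (not part of the standard or of this workbook's source): a small disposal-log check that parses designators such as P-3 or H-6 and flags destruction ratings that fall below the lowest level this summary lists for the data's protection class. The function names and the sample log are constructed for illustration; it assumes a rating above the class's listed levels is acceptable.

```python
import re

# Material categories and class-to-level guide as summarised on this page.
MATERIALS = {"P": "paper", "F": "film", "O": "optical", "T": "magnetic tape",
             "H": "hard drive", "E": "electronic"}
CLASS_LEVELS = {1: (1, 2, 3), 2: (4, 5), 3: (6, 7)}
DESIGNATOR = re.compile(r"^\s*([A-Za-z])\s*-\s*(\d)\s*$")


def parse_designator(text):
    """Split a designator such as 'P-3' into (material, level); raise on bad input."""
    m = DESIGNATOR.match(text)
    if not m:
        raise ValueError(f"malformed designator: {text!r}")
    material, level = m.group(1).upper(), int(m.group(2))
    if material not in MATERIALS:
        raise ValueError(f"unknown material category: {material}")
    if not 1 <= level <= 7:
        raise ValueError(f"security level out of range: {level}")
    return material, level


def check_disposal(media, protection_class, device_rating):
    """Return a list of findings; an empty list means the rating fits the guide."""
    if protection_class not in CLASS_LEVELS:
        return [f"unknown protection class: {protection_class}"]
    try:
        material, level = parse_designator(device_rating)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if material != media.upper():
        findings.append(f"rating {material}-{level} does not cover media category {media}")
    # Assumption: the lowest level listed for the class is the floor; higher is accepted.
    minimum = min(CLASS_LEVELS[protection_class])
    if level < minimum:
        findings.append(f"level {level} is below minimum {minimum} for class {protection_class}")
    return findings


# Constructed sample log: (asset, media category, protection class, device rating)
SAMPLE_LOG = [("memo-archive", "P", 1, "P-3"), ("hr-files", "P", 2, "P-3"),
              ("lab-disk", "H", 3, "E-6"), ("badge-batch", "T", 1, "T3")]


def audit(log):
    """Map each asset name to its list of findings."""
    return {asset: check_disposal(m, c, r) for asset, m, c, r in log}


if __name__ == "__main__":
    for asset, findings in audit(SAMPLE_LOG).items():
        print(asset, "OK" if not findings else "; ".join(findings))
```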