HomeData destruction
Compliance pillar

Certified data destruction, proven per device

The certificate is the proof. Here’s what audit-ready data destruction looks like — and how WipeTrail generates it for every device.

A certificate of data destruction is the proof that the data on a device was securely and irreversibly removed before the device was reused, recycled or destroyed. For any organisation disposing of IT, it’s the single most important piece of evidence — and under UK GDPR and the Data (Use and Access) Act 2025, it’s not optional.

Erasure vs physical destruction

There are two routes to secure sanitisation, and a good ITAD process uses the right one per device:

  • Data erasure (wiping): software overwrites the storage so data can’t be recovered, and the drive can be reused — the greener, higher-value option.
  • Physical destruction: shredding or degaussing the media, used where a drive fails, can’t be wiped, or the client requires it. It needs its own evidence (photos, logs, serials).

The standards that matter

  • NIST Special Publication 800-88 Revision 1 — the internationally recognised guideline for media sanitisation (Clear, Purge, Destroy).
  • HMG IS5 — UK government standard, including a Higher Standard for SECRET-classified material.
  • ADISA — the UK ITAD industry certification (e.g. ADISA 8.0 / DIAL 2) many buyers now require.

What a certificate that stands up to audit contains

  • The device make, model and serial number — per device, not per batch.
  • The method and standard used (e.g. NIST 800-88 Purge, or physical destruction).
  • The date, the operator, and a verifiable result.
  • A link to the chain of custody for that exact device.
Batch certificates and “we destroyed 40 drives” statements don’t survive an audit or a data-breach investigation. Serial-level, per-device certificates do.

How WipeTrail handles it

WipeTrail generates one-click certificates — data erasure, physical destruction, WEEE and reuse — straight from the operational record, each tied to the device’s serial and its full event history. Your customers download them from their portal; you keep a complete, exportable audit trail. Pair it with DWTS-ready records and WEEE evidence and every device is fully accounted for.

Frequently asked questions

What is a certificate of data destruction?

It is the per-device proof that data was securely and irreversibly removed before reuse, recycling or destruction, including the serial number, method, standard and result.

What is NIST 800-88?

NIST Special Publication 800-88 Revision 1 is the internationally recognised guideline for media sanitisation, defining Clear, Purge and Destroy methods.

Is data erasure or physical destruction better?

Erasure lets a working drive be securely reused (greener, higher value); physical destruction is used when a drive fails, cannot be wiped, or the client requires it. A good process uses the right one per device.

Do batch certificates count?

Per-device, serial-level certificates are what stand up to an audit or a data-breach investigation. Batch statements generally do not.

Ready when you are

See WipeTrail on your own kit.

Book a 20-minute demo and we’ll walk the whole flow — collection to certified wipe to resale — and show how fast you could be live before the DWTS deadline.

Book a demo →