The data destruction certificate, explained
What a certificate of data destruction really is, what it must contain, and why a batch statement won’t save you at audit.
A certificate of data destruction is your proof that the data on a device was securely and irreversibly removed. Under UK GDPR it’s a core piece of accountability — but only if it’s done properly.
What it must contain
- The device make, model and serial number.
- The method and standard (e.g. NIST 800-88 Purge, or physical destruction).
- The date and the operator responsible.
- A verifiable result and a link to the device’s chain of custody.
Why per-device beats per-batch
“We destroyed 40 drives” tells an investigator nothing about your drive. A per-device, serial-level certificate proves the specific asset was handled — which is what a data-breach enquiry or auditor demands.
Where it fits
The certificate is one of three records for compliant IT disposal, alongside WEEE evidence and a DWTS movement record.
Frequently asked questions
What is a certificate of data destruction?
Per-device proof that data was securely and irreversibly removed, including serial number, method, standard, date, operator and result.
Do batch certificates count?
Per-device, serial-level certificates are what stand up to audit or a breach enquiry; batch statements generally don’t.
Is a certificate required by GDPR?
UK GDPR requires you to demonstrate secure disposal of personal data; a proper certificate is how you evidence it.
Ready when you are
See WipeTrail on your own kit.
Book a 20-minute demo and we’ll walk the whole flow — collection to certified wipe to resale — and show how fast you could be live before the DWTS deadline.
Book a demo →