What is Data Destruction?

Data destruction is the process of permanently and irrecoverably eliminating data from storage media — through certified software erasure or physical destruction — so it cannot be accessed, recovered or reconstructed. Under UK GDPR, businesses disposing of IT equipment must ensure data is irretrievably destroyed before devices leave their control.

Data destruction is the permanent, irrecoverable elimination of data from storage media — so it cannot be accessed, recovered or reconstructed. Under UK GDPR, this is a legal requirement when disposing of IT equipment that has held personal or business data.

Methods of data destruction

Certified software erasure (wiping)

Certified software overwrites every sector of a drive multiple times to recognised standards, making data unrecoverable without destroying the physical hardware. This allows the drive to be reused or refurbished after erasure. A per-drive erasure report is generated confirming the process and the result.

Physical shredding

The drive is physically destroyed — reduced to fragments that cannot be reconstructed. This is the appropriate method for failed drives, encrypted drives that cannot be reliably wiped, highly sensitive data, or any case where absolute certainty is required. A certificate of destruction is issued per item.

Degaussing — and why we don’t use it

Degaussing uses a strong magnetic field to destroy the magnetic patterns on older hard drives. It is entirely ineffective on solid-state drives (SSDs), which store data in flash memory rather than magnetic patterns. Since SSDs are now standard in most business laptops and servers, degaussing is not a reliable destruction method for modern IT estates. Recycle4Charity uses certified wiping and physical shredding only.

Which method is right for your equipment?

Media type Recommended method
HDD (working) Certified software erasure — drive can be reused
SSD (working) Certified software erasure — flash-aware overwrite
Failed or encrypted drive Physical shredding
Magnetic tape (LTO, DAT) Physical shredding or degaussing (tape only)
USB / flash media Physical shredding
Optical media (CD, DVD) Physical shredding

Your GDPR obligation

Under UK GDPR and the Data Protection Act 2018, your organisation remains the data controller until data is irretrievably destroyed — even when the device is being collected by a disposal provider. The ICO specifically identifies inadequate disposal of IT equipment as a significant source of data breaches. A certificate of data destruction provides the documented evidence required for your compliance records and any ICO audit.

See our secure data destruction services for London businesses, or our guide to what a certificate of data destruction should include.

Frequently asked questions

Data destruction is the permanent, irrecoverable elimination of data from storage media — hard drives, SSDs, USB drives, tapes and other devices — through certified software erasure or physical methods such as shredding, so the data cannot be accessed, recovered or reconstructed by any means.

Data wiping (erasure) uses certified software to overwrite all sectors of a drive, making data unrecoverable without physically damaging the hardware — the drive can then be reused. Physical destruction (shredding) destroys the device itself, making recovery impossible by eliminating the physical media. Both are valid destruction methods; the choice depends on drive type, condition and your security requirements.

Degaussing is effective only on magnetic storage (older HDDs and tape). It has no effect on solid-state drives (SSDs), which now dominate business IT — the data on an SSD is stored in flash memory, not magnetic patterns, and is unaffected by magnetic fields. For this reason, Recycle4Charity uses certified software wiping and physical shredding rather than degaussing.

Yes — a certificate of data destruction is issued for every data-bearing device processed, stating the device details (make, model, serial number where available), the destruction method used and the date. This document satisfies ICO guidance and UK GDPR audit requirements under the Data Protection Act 2018.

Yes. Under UK GDPR and the Data Protection Act 2018, organisations must ensure personal data is securely destroyed when no longer needed, including when disposing of IT equipment. The ICO recommends using a specialist data destruction service and retaining a certificate of destruction as evidence of compliance.