HomeResourcesThe data destruction certificate, explained
Guide

The data destruction certificate, explained

What a certificate of data destruction really is, what it must contain, and why a batch statement won’t save you at audit.

A certificate of data destruction is your proof that the data on a device was securely and irreversibly removed. Under UK GDPR it’s a core piece of accountability — but only if it’s done properly.

What it must contain

  • The device make, model and serial number.
  • The method and standard (e.g. NIST 800-88 Purge, or physical destruction).
  • The date and the operator responsible.
  • A verifiable result and a link to the device’s chain of custody.

Why per-device beats per-batch

“We destroyed 40 drives” tells an investigator nothing about your drive. A per-device, serial-level certificate proves the specific asset was handled — which is what a data-breach enquiry or auditor demands.

Where it fits

The certificate is one of three records for compliant IT disposal, alongside WEEE evidence and a DWTS movement record.

WipeTrail generates per-device, serial-level certificates aligned to NIST 800-88, each backed by a full chain of custody. Book a demo.

Frequently asked questions

What is a certificate of data destruction?

Per-device proof that data was securely and irreversibly removed, including serial number, method, standard, date, operator and result.

Do batch certificates count?

Per-device, serial-level certificates are what stand up to audit or a breach enquiry; batch statements generally don’t.

Is a certificate required by GDPR?

UK GDPR requires you to demonstrate secure disposal of personal data; a proper certificate is how you evidence it.

Ready when you are

See WipeTrail on your own kit.

Book a 20-minute demo and we’ll walk the whole flow — collection to certified wipe to resale — and show how fast you could be live before the DWTS deadline.

Book a demo →