Scandic IT

Blog · Data security

Certified data erasure or physical destruction: how to choose

Wiping a drive and shredding it both make data unrecoverable, but they are not the same choice. Here is how to pick the right one for each device.

KH Kasper Horn Nielsen 24 June 2026 8 min read
The data erasure benches at the Scandic IT facility

When a device reaches the end of its life with you, the data on it has to go before the device does. There are two trusted ways to do that: wipe the drive clean, or destroy it. Both work. The trick is knowing which one to use, and when.

This post explains the difference, what the standards say, and how to make the call for each device.

Why “delete” is not enough

Let us clear up the most common and most dangerous myth first. Deleting a file does not remove it. Formatting a drive does not remove it either. Both actions just tell the system the space is free to reuse. The data stays on the disk until something writes over it, and until then it can be recovered with tools anyone can download.

This is why second-hand drives keep turning up with old company data on them. It is also why regulators take disposal so seriously. Under the GDPR, you must not keep personal data longer than you need it, and that includes data sitting on a device you have stopped using. Getting this wrong is treated as a breach of the basic principles, which carries fines of up to 20 million euros or 4 percent of global turnover.

The rule of thumb: a device is not safe to reuse, resell or recycle until the data on it has been properly erased or destroyed, and you can prove it.

What the standard says: Clear, Purge, Destroy

The most widely used guide for this is the US standard NIST SP 800-88. It sets out three levels of sanitisation. They are worth knowing because good ITAD work maps directly onto them.

LevelWhat it doesProtects againstDevice survives?
ClearOverwrites the drive using normal read and writeEveryday recovery softwareYes
PurgeStronger methods like cryptographic eraseAdvanced lab recoveryYes
DestroyPhysically shreds or pulverises the mediaEverythingNo

The big split is between the first two and the last one. Clear and Purge both leave you with a working drive you can reuse. Destroy gives you scrap.

Certified erasure: keep the value, lose the data

Certified erasure means running the drive through approved software that overwrites or cryptographically wipes every part of it, then checking that the wipe worked. When it passes, the device is clean and still fully usable.

This is the option you want for most healthy devices, for one simple reason: it keeps the value. A wiped laptop can go straight back into your team or be resold. A shredded one cannot.

Good erasure has three things you should insist on:

  • A recognised method, in line with NIST 800-88 or a similar standard.
  • Verification, so the wipe is checked rather than assumed.
  • A certificate for every single device, tied to its serial number, so your audit trail is real and not a blanket claim.

At Scandic IT, every device that can be wiped is wiped by a certified engineer, and every one leaves with its own certificate. You can see how that fits the wider process on the security page.

Physical destruction: when only scrap will do

Sometimes wiping is not the right answer. Physical destruction is the better choice when:

  • The drive is faulty and cannot be reliably wiped or verified.
  • The data is highly sensitive and your policy says destruction, full stop.
  • The media is hard to wipe cleanly, such as some older or damaged drives.

Destruction is final and total. The trade-off is that you lose the device and its value, and you create e-waste that has to be recycled. That is why it should be a deliberate choice for specific drives, not a default for everything.

How to choose, device by device

You do not have to pick one method for your whole fleet. The right approach is to sort device by device. A simple decision flow looks like this:

  1. Can the drive be wiped and verified to standard? If yes, erase it and keep the value.
  2. Is the drive faulty, or does policy demand destruction? If yes, destroy it.
  3. Either way, record the outcome against the device serial, so you have proof.

This keeps the most value while making sure no risky drive ever leaves the building intact.

Erasure and destruction at a glance

Certified erasurePhysical destruction
Device afterReusableScrap
Value recoveredYesNo
Environmental impactLower (reuse)Higher (waste)
Best forHealthy drivesFaulty or top-secret drives
ProofPer-device certificateDestruction record

The bottom line

Both methods get you to the same place: data that cannot come back. The difference is what you are left holding. Erase when you can, because it keeps the device working and the value intact. Destroy when you must, for faulty drives or data that simply cannot be allowed to survive. And whichever you choose, keep the paperwork, because being able to prove it is half the point.

If you want help setting a clear erase-or-destroy policy for your devices, talk to our team and we will build one that fits your risk and your budget.

KH

Written by

Kasper Horn Nielsen

Co-founder & Managing Director, Scandic IT

Kasper leads Scandic IT and has worked in the IT asset industry since the mid-2000s. He writes about data security, compliance and how to get more value out of company hardware.

Keep reading

Talk to the ITAD team

Whatever stage you are at, we can help you recover, secure and get value from your IT assets. Get a clear quote from the team in Aalborg.