What Actually Happens to Your IT Equipment After We Collect It

Why Transparency Matters in IT Disposal

IT disposal involves trusting a third party with equipment that may contain your most sensitive business data. The promise of "we'll handle it" isn't good enough — you should know exactly what happens, at every step, and you should receive documentation that proves it.

This article walks through the complete Complianta process, from the moment our van leaves your site to the moment your destruction certificate lands in your inbox.

Step 1: Collection and Manifest

When our team arrives at your premises, the first thing we do is create a collection manifest — a detailed log of every item we are taking. For each device, we record:

• Device type (laptop, desktop, server, phone etc.)
• Make and model
• Serial number (from the manufacturer's label)
• Physical condition

You receive a copy of this manifest at collection. It is the foundation of the asset report we provide at the end of the process, and the record against which your destruction certificates are matched.

Step 2: Secure Transport

Equipment is transported in our vehicles, which are tracked. Devices are loaded carefully — loose drives and small devices are bagged separately to prevent damage. For larger quantities or sensitive collections, equipment may be transported in lockable flight cases.

Chain of custody is maintained throughout transport. At no point does your equipment pass through uncontrolled hands between your premises and our facility.

Step 3: Intake and Secondary Audit

On arrival at our facility, every item from your collection is cross-referenced against the collection manifest. Any discrepancy — a device that appears on the manifest but not in the delivery, or vice versa — is flagged and resolved before processing begins.

Each device receives a processing reference number that links it to your order throughout the subsequent steps.

Step 4: Data Destruction

This is the critical step. Every device with internal storage — laptops, desktops, servers, NAS devices, tablets, phones — has its storage media processed before anything else happens to it.

For hard drives (HDDs)

We use certified data erasure software that performs a multi-pass overwrite to NIST 800-88 standard. The software logs the outcome — pass or fail — for each drive, with the serial number recorded.

For solid state drives (SSDs) and NVMe

We use the manufacturer's Secure Erase command where available, which resets the drive at the controller level — the most thorough software-based sanitisation available for flash storage. This is verified by the drive's firmware response.

For drives that fail sanitisation

Any drive that fails the sanitisation process — for example due to hardware failure or bad sectors — is physically destroyed instead. This includes shredding the storage media to a particle size that makes data recovery impossible. We do not return failed drives to service.

For drives where physical destruction is requested

Some clients prefer physical destruction for all drives regardless of condition. We accommodate this on request — the media is shredded and the shred is documented.

Step 5: Data Destruction Certificate Issued

For every device processed, we generate a Data Destruction Certificate. This includes:

• Your company name and collection reference
• Date of processing
• Device make, model and serial number
• Destruction method used (NIST 800-88 wipe / physical destruction)
• Verification result (pass confirmed / physically destroyed)

These certificates are sent to you, typically within 24 hours of collection. They are your ICO-ready evidence of compliant data destruction.

Step 6: Hardware Assessment

Once data has been destroyed, each device is assessed for its condition and viability:

• Devices in good condition that meet current performance standards may be refurbished and resold into the second-hand market — typically to other businesses or refurbishment wholesalers. The proceeds from this offset the cost of the collection and processing service, which is why we can offer free collection.
• Devices in poor condition or below a viable performance threshold are broken down for parts and materials recycling.
• Non-functional devices go directly to materials recycling.

In all cases, you have already received your destruction certificate before this assessment takes place. What happens to the hardware after data destruction is determined by its condition — you have no further data security concern after step 5.

Step 7: WEEE Recycling

All hardware that is not refurbished is processed through our WEEE compliance scheme. This means:

• Batteries are removed and sent to specialist battery recycling
• Screens containing backlights are processed by specialist facilities
• Circuit boards go to precious metal recovery
• Plastic and metal casings are separated and sent to materials recycling streams
• Nothing goes to landfill

We issue Waste Transfer Notes for all collections, which serve as your legal documentation confirming the waste was handled by a licensed carrier under the WEEE Regulations 2013.

Step 8: Asset Report Delivered

At the end of the process, you receive a complete asset report listing every item collected, its serial number, the destruction method applied, and its final disposition. This is your definitive record of the collection, suitable for updating your asset register and GDPR Records of Processing Activities.