{"id":11992,"date":"2026-02-24T09:00:00","date_gmt":"2026-02-24T08:00:00","guid":{"rendered":"https:\/\/prosteit.pl\/?p=11992"},"modified":"2026-02-18T14:29:03","modified_gmt":"2026-02-18T13:29:03","slug":"secure-data-deletion-disposal-it-nist-800-88","status":"publish","type":"post","link":"https:\/\/prosteit.pl\/en\/secure-data-deletion-disposal-it-nist-800-88\/","title":{"rendered":"Secure Data Deletion Before IT Equipment Disposal \u2013 NIST 800-88, ISO 21964, and Company Responsibilities"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"11992\" class=\"elementor elementor-11992\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-754a204 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"754a204\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;ekit_has_onepagescroll_dot&quot;:&quot;yes&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-181fa4f\" data-id=\"181fa4f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2fb5057d elementor-widget elementor-widget-text-editor\" data-id=\"2fb5057d\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p data-start=\"256\" data-end=\"770\">In a world where data is one of the most valuable corporate assets, improperly deleting it can cost more than the equipment itself that just stopped working. <strong data-start=\"418\" data-end=\"577\">A simple &quot;formatting&quot; or factory reset is often an illusion of security \u2013 remnants of information remain, waiting for someone to recover them<\/strong>. Even after recycling old laptops or servers, you can unknowingly share sensitive data, opening the door to data leaks, GDPR violations, and serious legal consequences.<\/p><p data-start=\"772\" data-end=\"1139\">That&#039;s why companies that take security and compliance seriously use <strong data-start=\"859\" data-end=\"963\">certified data deletion methods based on recognized standards such as NIST 800-88 guidelines<\/strong> \u2014 clearly defining, <strong data-start=\"985\" data-end=\"1100\">how to permanently make data irreversible and how to document this process in a legally and audit-acceptable manner<\/strong>.<\/p><p data-start=\"1141\" data-end=\"1441\">In this article, we&#039;ll explain step by step what &quot;secure data deletion&quot; means, what standards and regulations govern it, what risks ignoring them poses, and what a professional process looks like to ensure that IT equipment leaves a company without a single recoverable bit of information.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-539218a elementor-widget elementor-widget-image\" data-id=\"539218a\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"1536\" height=\"1024\" src=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bezpieczne-usuwanie-danych-przed-utylizacja-sprzetu-it-wsparcie-ozarow-mazowiecki.webp\" class=\"attachment-full size-full wp-image-12003\" alt=\"\" srcset=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bezpieczne-usuwanie-danych-przed-utylizacja-sprzetu-it-wsparcie-ozarow-mazowiecki.webp 1536w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bezpieczne-usuwanie-danych-przed-utylizacja-sprzetu-it-wsparcie-ozarow-mazowiecki-300x200.webp 300w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bezpieczne-usuwanie-danych-przed-utylizacja-sprzetu-it-wsparcie-ozarow-mazowiecki-1024x683.webp 1024w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bezpieczne-usuwanie-danych-przed-utylizacja-sprzetu-it-wsparcie-ozarow-mazowiecki-768x512.webp 768w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bezpieczne-usuwanie-danych-przed-utylizacja-sprzetu-it-wsparcie-ozarow-mazowiecki-18x12.webp 18w\" sizes=\"(max-width: 1536px) 100vw, 1536px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-020273b elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"020273b\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-f285af3 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f285af3\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;ekit_has_onepagescroll_dot&quot;:&quot;yes&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6899064\" data-id=\"6899064\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-33719a0 elementor-widget elementor-widget-text-editor\" data-id=\"33719a0\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"bezpieczne-usuwanie-danych-co-to-dokladnie-znaczy\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"0\" data-end=\"98\">What &quot;Securely Delete Data&quot; Really Means (And Why Companies Most Often Get It Wrong)<\/h2><p data-start=\"100\" data-end=\"602\">Many entrepreneurs assume that <strong data-start=\"134\" data-end=\"261\">Deleting data is a simple process \u2013 just delete files, format the disk or click &quot;restore factory settings&quot;\u201e<\/strong> and the problem disappears. Unfortunately, this is very misleading reasoning. In real IT practice <strong data-start=\"340\" data-end=\"494\">\u201e&quot;secure data deletion&quot; means making it permanently impossible to recover information, even using advanced tools or laboratory techniques<\/strong> \u2013 and this is the key difference between \u201eremoving\u201d and \u201ehiding\u201d <a href=\"https:\/\/en.wikipedia.org\/wiki\/Data_remanence\" target=\"_blank\" rel=\"noopener\">data<\/a>.<\/p><h3 data-start=\"604\" data-end=\"677\">Data seemingly disappears, but remains as long as it can be recovered<\/h3><p data-start=\"679\" data-end=\"1216\">When you delete a file in the operating system or format a disk, <strong data-start=\"743\" data-end=\"798\">the operating system does not usually physically delete data<\/strong>. What happens is that the space is marked as &quot;free for writing,&quot; while the actual information physically remains on the media until it is overwritten. This is what <strong data-start=\"989\" data-end=\"1010\">\u201e&quot;data inventory&quot;\u201d<\/strong> \u2013 a trace of information remaining after logical operations \u2013 constitutes a risk because it can be recovered by data recovery tools or specialized services.<\/p><p data-start=\"1218\" data-end=\"1441\">Companies that rely only on standard deletion or formatting often think that the data is already &quot;nowhere&quot;, while in practice it is still present on the media and can be read even after the equipment leaves the organization.<\/p><h3 data-start=\"1443\" data-end=\"1512\">\u201eSecure data deletion\u201d is a process, not a single operation<\/h3><p data-start=\"1514\" data-end=\"1866\">The essence of safe removal is <strong data-start=\"1549\" data-end=\"1634\">a process that makes data unrecoverable in any realistic way<\/strong>. In practice, this means using methods that meet recognized standards\u2014such as NIST SP 800-88 guidelines\u2014which define how to select techniques appropriate to the type of media and data sensitivity.<\/p><p data-start=\"1868\" data-end=\"1988\">The NIST 800-88 standard indicates that media sanitization should be performed in a manner appropriate to the context of use:<\/p><ul data-start=\"1989\" data-end=\"2409\"><li data-start=\"1989\" data-end=\"2144\"><p data-start=\"1991\" data-end=\"2144\"><strong data-start=\"1991\" data-end=\"2001\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>Clear:<\/strong> simple data deletion that makes it difficult to recover using typical tools but may not protect against laboratory techniques.<\/p><\/li><li data-start=\"2145\" data-end=\"2263\"><p data-start=\"2147\" data-end=\"2263\"><strong data-start=\"2147\" data-end=\"2157\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>Purge:<\/strong> a more thorough method that significantly limits the possibility of recovery even with advanced tools.<\/p><\/li><li data-start=\"2264\" data-end=\"2409\"><p data-start=\"2266\" data-end=\"2409\"><strong data-start=\"2266\" data-end=\"2278\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>Destroy:<\/strong> physical destruction of the medium, which makes it impossible to recover data in any possible way.<\/p><\/li><\/ul><p data-start=\"2411\" data-end=\"2615\">This classification shows that secure deletion is not just a tool or a click \u2013 it is <strong data-start=\"2505\" data-end=\"2614\">methodical selection of the appropriate sanitization technique depending on the risk and future use of the equipment<\/strong>.<\/p><h3 data-start=\"2617\" data-end=\"2678\">Many companies underestimate the differences between media types<\/h3><p data-start=\"2680\" data-end=\"3120\">Another common mistake is treating traditional drives (HDD) and modern flash memory (SSD, NVMe) the same. In practice <strong data-start=\"2806\" data-end=\"2869\">just use the same overwrite method on SSD and HDD<\/strong>, and the effects can be very different - flash media have internal mechanisms, block reorganization and hidden areas that can prevent a standard overwrite from reaching all physical parts of the memory.<\/p><h3 data-start=\"3122\" data-end=\"3185\">\u201e&quot;Secure deletion&quot; also includes verification and documentation<\/h3><p data-start=\"3187\" data-end=\"3630\">A well-executed data deletion process does not end with the execution of the tool. <strong data-start=\"3271\" data-end=\"3353\">It is crucial to verify the sanitization effect and document this process<\/strong> \u2013 especially if a company wants to demonstrate compliance with regulations and audits. NIST 800-88 and other standards recommend that organizations ensure that no data is accessible after the process and that the actions taken can be documented.<\/p><p data-start=\"3637\" data-end=\"4150\">\u201e&quot;Secure data erasure&quot; is much more than just deleting files or formatting. It&#039;s a process that aims to <strong data-start=\"3786\" data-end=\"3833\">permanent and verifiable deletion of information<\/strong>, compliant with recognized standards and controlled by procedures \u2013 so that even advanced recovery techniques cannot restore them. Companies often make the mistake of simply deleting data logically does not eliminate residual data or provide proof of its permanent inaccessibility.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-38af7f5 elementor-widget elementor-widget-image\" data-id=\"38af7f5\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"250\" height=\"202\" src=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/images-1.jpg\" class=\"attachment-full size-full wp-image-12000\" alt=\"NIST 800-88\" srcset=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/images-1.jpg 250w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/images-1-15x12.jpg 15w\" sizes=\"(max-width: 250px) 100vw, 250px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fe5a61f elementor-widget elementor-widget-text-editor\" data-id=\"fe5a61f\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"czym-jest-audyt-it\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"0\" data-end=\"86\">NIST 800-88 Standard in Practice \u2013 Clear, Purge, Destroy (and when each makes sense)<\/h2><p data-start=\"88\" data-end=\"641\">When we talk about <strong data-start=\"101\" data-end=\"155\">secure data deletion compliant with standards<\/strong>, one of the most frequently cited documents is <strong data-start=\"205\" data-end=\"260\">NIST SP 800-88, &quot;Guidelines for Media Sanitization&quot;\u201e<\/strong> \u2013 a set of practical guidelines developed by the American National Institute of Standards and Technology. This standard does not impose a single &quot;best&quot; method of deletion, but <strong data-start=\"442\" data-end=\"529\">shows how to choose the data deletion method for a specific purpose and type of medium<\/strong>, so that the information cannot be recovered even with advanced techniques..<\/p><h3 data-start=\"847\" data-end=\"899\">What is \u201edata sanitization\u201d in NIST 800-88?<\/h3><p data-start=\"901\" data-end=\"1164\">According to NIST 800-88, &quot;sanitization&quot; means a process that <strong data-start=\"959\" data-end=\"1045\">makes access to data unrecoverable for a given level of effort<\/strong> \u2013 that is, it not only makes it difficult, but actually impossible to reproduce information.<\/p><p data-start=\"1166\" data-end=\"1451\">This document covers various media technologies \u2013 from traditional magnetic disks to modern SSDs, flash memories and mobile devices \u2013 and suggests, <strong data-start=\"1332\" data-end=\"1385\">how to adjust the removal method to real needs<\/strong> organization security.<\/p><h3 data-start=\"1458\" data-end=\"1521\">1) Clear \u2013 logical deletion of data (lightest level)<\/h3><p data-start=\"1523\" data-end=\"1814\"><strong data-start=\"1523\" data-end=\"1538\">What is this:<\/strong><br data-start=\"1538\" data-end=\"1541\" \/>The &quot;Clear&quot; method involves <strong data-start=\"1566\" data-end=\"1603\">deleting data in a logical manner<\/strong> \u2013 so that ordinary tools or the operating system cannot read them, but the data can still remain on the medium in a form that can be read by specialized technology.<\/p><p data-start=\"1816\" data-end=\"1844\"><strong data-start=\"1816\" data-end=\"1842\">How it works in practice:<\/strong><\/p><ul data-start=\"1845\" data-end=\"2181\"><li data-start=\"1845\" data-end=\"2028\"><p data-start=\"1847\" data-end=\"2028\">\u2022 overwriting data by writing \u201ezeros and ones\u201d or random bits so that any previous information is overwritten;<\/p><\/li><li data-start=\"2029\" data-end=\"2181\"><p data-start=\"2031\" data-end=\"2181\">\u2022 restoring the device to factory settings (&quot;factory reset&quot;), often used in smartphones and tablets;<\/p><\/li><\/ul><p data-start=\"2183\" data-end=\"2203\"><strong data-start=\"2183\" data-end=\"2201\">When it makes sense:<\/strong><\/p><ul data-start=\"2204\" data-end=\"2450\"><li data-start=\"2204\" data-end=\"2326\"><p data-start=\"2206\" data-end=\"2326\">\u2022 carrier <strong data-start=\"2213\" data-end=\"2285\">is to be reused in a secure environment within the same organization<\/strong>;<\/p><\/li><li data-start=\"2327\" data-end=\"2450\"><p data-start=\"2329\" data-end=\"2450\">\u2022 the data was not highly confidential and did not leave the controlled IT zone;<\/p><\/li><\/ul><p data-start=\"2452\" data-end=\"2658\"><em data-start=\"2455\" data-end=\"2570\">Good for situations where the computer or disk will be used further \u2013 e.g. transferred to another department within the company.<\/em>, But <strong data-start=\"2576\" data-end=\"2657\">it is not enough if the media is to be disposed of or recycled outside the company<\/strong>.<\/p><h3 data-start=\"2665\" data-end=\"2718\">2) Purge \u2013 thorough removal (higher level)<\/h3><p data-start=\"2720\" data-end=\"2944\"><strong data-start=\"2720\" data-end=\"2735\">What is this:<\/strong><br data-start=\"2735\" data-end=\"2738\" \/>\u201e<a href=\"https:\/\/www.dell.com\/support\/kbdoc\/pl-pl\/000186133\/dell-data-wipe-nist-800-88r1-ieee-2883-2022-obs%C5%82ugiwane-dzia%C5%82ania-oczyszczania-no%C5%9Bnik%C3%B3w-pami%C4%99ci-masowej\" target=\"_blank\" rel=\"noopener\">Purge<\/a>\u201d is a step above Clear \u2013 it means <strong data-start=\"2779\" data-end=\"2905\">deleting data in a way that makes it extremely difficult to recover even using laboratory techniques<\/strong>.<\/p><p data-start=\"2946\" data-end=\"2974\"><strong data-start=\"2946\" data-end=\"2972\">How it works in practice:<\/strong><\/p><ul data-start=\"2975\" data-end=\"3441\"><li data-start=\"2975\" data-end=\"3067\"><p data-start=\"2977\" data-end=\"3067\">\u2022 advanced data overwriting with multiple patterns;<\/p><\/li><li data-start=\"3068\" data-end=\"3241\"><p data-start=\"3070\" data-end=\"3241\"><em data-start=\"3070\" data-end=\"3091\">\u2022 cryptographic erase<\/em> \u2013 deletion or destruction of encryption keys, which makes the encrypted data unreadable;<\/p><\/li><li data-start=\"3242\" data-end=\"3441\"><p data-start=\"3244\" data-end=\"3441\">\u2022 special built-in commands such as <strong data-start=\"3283\" data-end=\"3303\">ATA Secure Erase<\/strong> on HDD\/SSD drives or other manufacturer functions that perform sanitization by the media controller;<\/p><\/li><\/ul><p data-start=\"3443\" data-end=\"3463\"><strong data-start=\"3443\" data-end=\"3461\">When it makes sense:<\/strong><\/p><ul data-start=\"3464\" data-end=\"3753\"><li data-start=\"3464\" data-end=\"3602\"><p data-start=\"3466\" data-end=\"3602\">\u2022 equipment <strong data-start=\"3473\" data-end=\"3512\">leaves the controlled IT environment<\/strong>, but may still be used or resold;<\/p><\/li><li data-start=\"3603\" data-end=\"3753\"><p data-start=\"3605\" data-end=\"3753\">\u2022 the medium contains medium or high confidentiality data where simple overwriting may not be sufficient;<\/p><\/li><\/ul><p data-start=\"3755\" data-end=\"3945\"><em data-start=\"3758\" data-end=\"3945\">Purge is used when a device needs to be securely wiped before leaving the company \u2013 even if the potential next user has the technical skills to recover data.<\/em><\/p><h3 data-start=\"3952\" data-end=\"4011\">3) Destroy \u2013 physical destruction (highest level)<\/h3><p data-start=\"4013\" data-end=\"4243\"><strong data-start=\"4013\" data-end=\"4028\">What is this:<\/strong><br data-start=\"4028\" data-end=\"4031\" \/>\u201e&quot;Destroy&quot; is <strong data-start=\"4044\" data-end=\"4080\">the strongest sanitization method<\/strong> \u2013 physical destruction of the medium, which <strong data-start=\"4119\" data-end=\"4181\">ensures that data cannot be recovered by any technique<\/strong>, even laboratory.<\/p><p data-start=\"4245\" data-end=\"4273\"><strong data-start=\"4245\" data-end=\"4271\">How it works in practice:<\/strong><\/p><ul data-start=\"4274\" data-end=\"4631\"><li data-start=\"4274\" data-end=\"4383\"><p data-start=\"4276\" data-end=\"4383\">\u2022 cutting, crushing, crushing or fragmenting memory elements;<\/p><\/li><li data-start=\"4384\" data-end=\"4532\"><p data-start=\"4386\" data-end=\"4532\">\u2022 demagnetization (degaussing) \u2013 a strong magnetic field removes magnetic recording on HDD platters and tapes;<\/p><\/li><li data-start=\"4533\" data-end=\"4631\"><p data-start=\"4535\" data-end=\"4631\">\u2022 incineration or other permanent physical destruction methods.<\/p><\/li><\/ul><p data-start=\"4633\" data-end=\"4653\"><strong data-start=\"4633\" data-end=\"4651\">When it makes sense:<\/strong><\/p><ul data-start=\"4654\" data-end=\"4937\"><li data-start=\"4654\" data-end=\"4763\"><p data-start=\"4656\" data-end=\"4763\">\u2022 the carrier will no longer be used and is to be scrapped or recycled;<\/p><\/li><li data-start=\"4764\" data-end=\"4937\"><p data-start=\"4766\" data-end=\"4937\">\u2022 contains data about <strong data-start=\"4781\" data-end=\"4810\">very high confidentiality<\/strong>, which could cause serious damage to the company or its customers in the event of a leak;<\/p><\/li><\/ul><p data-start=\"4939\" data-end=\"5089\"><em data-start=\"4942\" data-end=\"5089\">When equipment is being disposed of or when data security is a top priority, physical destruction of the media is the last resort.<\/em><\/p><h3 data-start=\"5096\" data-end=\"5151\">When to choose which method \u2013 practical tips<\/h3><p data-start=\"5153\" data-end=\"5246\">The choice of method depends primarily on <strong data-start=\"5193\" data-end=\"5246\">purpose of the medium and level of data confidentiality:<\/strong><\/p><ul data-start=\"5248\" data-end=\"5754\"><li data-start=\"5248\" data-end=\"5415\"><p data-start=\"5250\" data-end=\"5415\"><strong data-start=\"5250\" data-end=\"5259\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>Clear<\/strong> \u2013 suitable when the equipment is to remain within the company and will no longer be used to store sensitive data.<\/p><\/li><li data-start=\"5416\" data-end=\"5591\"><p data-start=\"5418\" data-end=\"5591\"><strong data-start=\"5418\" data-end=\"5427\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>Purge<\/strong> \u2013 the best choice when equipment is about to leave the company, but there is a need for reuse or resale and the data is confidential.<\/p><\/li><li data-start=\"5592\" data-end=\"5754\"><p data-start=\"5594\" data-end=\"5754\"><strong data-start=\"5594\" data-end=\"5605\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>Destroy<\/strong> \u2013 used whenever the medium is to be recycled\/disposed of or contains particularly sensitive data.<\/p><\/li><\/ul><h3 data-start=\"5761\" data-end=\"5826\">Why NIST 800-88 is more than just a marketing label\u201e<\/h3><p data-start=\"5828\" data-end=\"6144\">This standard is widely recognized by organizations around the world not because it is a formal law, but because <strong data-start=\"5951\" data-end=\"6103\">provides clear criteria for when data can be considered &quot;permanently deleted&quot; and what evidence and processes are needed to document this<\/strong>.<\/p><p data-start=\"6146\" data-end=\"6396\">Companies that use NIST 800-88-based procedures find it easier to demonstrate compliance with audits and regulations because they can show not only the result itself, but also <strong data-start=\"6290\" data-end=\"6355\">justification for the choice of sanitation method and evidence of its implementation<\/strong>.<\/p><p data-start=\"6430\" data-end=\"6845\">Standard <strong data-start=\"6439\" data-end=\"6457\">NIST SP 800-88<\/strong> does not impose a single recipe for data deletion, but offers <strong data-start=\"6517\" data-end=\"6589\">a clear framework with three sanitization classes: Clear, Purge, and Destroy<\/strong>, which is selected depending on the risk and intended use of the medium. For companies planning to dispose of IT equipment, this is the foundation of a good process \u2013 both in terms of security and subsequent audit verification.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6a0fe8f elementor-widget elementor-widget-image\" data-id=\"6a0fe8f\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/infografika-prosteit-usuwanie-danych-w-it.webp\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"infografika-prosteit-usuwanie-danych-w-it\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTE5OTcsInVybCI6Imh0dHBzOlwvXC9wcm9zdGVpdC5wbFwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNlwvMDJcL2luZm9ncmFmaWthLXByb3N0ZWl0LXVzdXdhbmllLWRhbnljaC13LWl0LndlYnAifQ%3D%3D\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1920\" height=\"1025\" src=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/infografika-prosteit-usuwanie-danych-w-it.webp\" class=\"attachment-full size-full wp-image-11997\" alt=\"\" srcset=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/infografika-prosteit-usuwanie-danych-w-it.webp 1920w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/infografika-prosteit-usuwanie-danych-w-it-300x160.webp 300w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/infografika-prosteit-usuwanie-danych-w-it-1024x547.webp 1024w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/infografika-prosteit-usuwanie-danych-w-it-768x410.webp 768w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/infografika-prosteit-usuwanie-danych-w-it-1536x820.webp 1536w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/infografika-prosteit-usuwanie-danych-w-it-18x10.webp 18w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5d567ea elementor-widget elementor-widget-text-editor\" data-id=\"5d567ea\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"iso-iec-21964-normy-poziomow-niszczenia\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"0\" data-end=\"87\">ISO\/IEC 21964 (DIN 66399) \u2013 standards for media destruction levels and &quot;protection classes&quot;\u201e<\/h2><p data-start=\"89\" data-end=\"544\">When securing data before disposing of IT equipment or company documents, it is worth knowing <strong data-start=\"179\" data-end=\"196\">ISO\/IEC 21964<\/strong> \u2013 an international standard defining how to securely destroy information media depending on their confidentiality and type. This standard is based on a German standard <strong data-start=\"367\" data-end=\"380\">DIN 66399<\/strong> and has been globally adopted as a practical tool for classifying and destroying protected data.<\/p><p data-start=\"546\" data-end=\"787\">The standard not only says &quot;destroy&quot;, but <strong data-start=\"581\" data-end=\"626\">defines the rules for the entire process<\/strong>, from information classification to the selection of appropriate technical means and requirements for media and destruction devices.<\/p><h3 data-start=\"794\" data-end=\"854\">Protection Classes \u2013 How to Assess How Confidential Your Data Is<\/h3><p data-start=\"856\" data-end=\"1055\">ISO\/IEC 21964 divides information and data carriers into <strong data-start=\"911\" data-end=\"933\">three classes of protection<\/strong>, which correspond to different levels of confidentiality and the risk of their disclosure:<\/p><ol data-start=\"1057\" data-end=\"1826\"><li data-start=\"1057\" data-end=\"1280\"><p data-start=\"1060\" data-end=\"1280\"><strong data-start=\"1060\" data-end=\"1100\">Protection class 1 \u2013 basic protection<\/strong><br data-start=\"1100\" data-end=\"1103\" \/>This applies to data with a low level of confidentiality, e.g. internal or general information, the disclosure of which would not have serious consequences.<\/p><\/li><li data-start=\"1282\" data-end=\"1543\"><p data-start=\"1285\" data-end=\"1543\"><strong data-start=\"1285\" data-end=\"1336\">Protection class 2 \u2013 higher protection (confidential)<\/strong><br data-start=\"1336\" data-end=\"1339\" \/>This includes confidential data, the unauthorized disclosure of which could negatively impact the company&#039;s operations, violate contracts, or jeopardize regulatory compliance (e.g., GDPR).<\/p><\/li><li data-start=\"1545\" data-end=\"1826\"><p data-start=\"1548\" data-end=\"1826\"><strong data-start=\"1548\" data-end=\"1600\">Protection class 3 \u2013 very high protection (secret)<\/strong><br data-start=\"1600\" data-end=\"1603\" \/>It concerns highly sensitive information, the leak of which may have serious legal, business or personal consequences (e.g. strategic data, medical data, technological secrets).<\/p><\/li><\/ol><p data-start=\"1828\" data-end=\"2016\">Each of these classes is a starting point for determining what technical and organizational measures should be used in the process of destroying data media.<\/p><h3 data-start=\"2023\" data-end=\"2091\">Media Categories \u2013 Different Approaches to Different Media<\/h3><p data-start=\"2093\" data-end=\"2294\">ISO\/IEC 21964 also defines <strong data-start=\"2121\" data-end=\"2150\">a number of media categories<\/strong>, which is especially important when the company disposes not only of paper but also of electronic devices:<\/p><ul data-start=\"2296\" data-end=\"2698\"><li data-start=\"2296\" data-end=\"2351\"><p data-start=\"2298\" data-end=\"2351\"><strong data-start=\"2298\" data-end=\"2323\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>P - Paper media<\/strong> (e.g. documents, printouts).<\/p><\/li><li data-start=\"2352\" data-end=\"2411\"><p data-start=\"2354\" data-end=\"2411\"><strong data-start=\"2354\" data-end=\"2385\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>O \u2014 Optical data carriers<\/strong> (e.g. CD, DVD, Blu-ray).<\/p><\/li><li data-start=\"2412\" data-end=\"2487\"><p data-start=\"2414\" data-end=\"2487\"><strong data-start=\"2414\" data-end=\"2441\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>T - Magnetic media<\/strong> (e.g. magnetic tapes, magnetic cards).<\/p><\/li><li data-start=\"2488\" data-end=\"2554\"><p data-start=\"2490\" data-end=\"2554\"><strong data-start=\"2490\" data-end=\"2528\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>H - Magnetic memory media<\/strong> (e.g. HDD hard drives).<\/p><\/li><li data-start=\"2555\" data-end=\"2638\"><p data-start=\"2557\" data-end=\"2638\"><strong data-start=\"2557\" data-end=\"2594\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>E - Electronic storage media<\/strong> (e.g. USB, SSD, memory cards, smartphones).<\/p><\/li><li data-start=\"2639\" data-end=\"2698\"><p data-start=\"2641\" data-end=\"2698\"><strong data-start=\"2641\" data-end=\"2678\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>F - Miniature media<\/strong> (e.g. microfilms).<\/p><\/li><\/ul><p data-start=\"2700\" data-end=\"2899\">For each category of media, the standard specifies what destruction methods and what <strong data-start=\"2776\" data-end=\"2808\">size of fragments (cuts)<\/strong> are considered to be compliant with a specific level of protection.<\/p><h3 data-start=\"2906\" data-end=\"2973\">Seven levels of security \u2013 how \u201ehard\u201d you have to destroy<\/h3><p data-start=\"2975\" data-end=\"3249\">Each protection class is matched to <strong data-start=\"3013\" data-end=\"3039\">security levels<\/strong>, determined from <strong data-start=\"3054\" data-end=\"3064\">1 to 7<\/strong> \u2014 the higher the level, the <strong data-start=\"3089\" data-end=\"3146\">smaller fragments must be crushed into smaller pieces<\/strong>, which makes it difficult or impossible to restore data after destruction.<\/p><ul data-start=\"3251\" data-end=\"3572\"><li data-start=\"3251\" data-end=\"3342\"><p data-start=\"3253\" data-end=\"3342\"><strong data-start=\"3253\" data-end=\"3267\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>Level 1\u20133<\/strong> \u2013 usually sufficient for low or medium sensitivity data.<\/p><\/li><li data-start=\"3343\" data-end=\"3572\"><p data-start=\"3345\" data-end=\"3572\"><strong data-start=\"3345\" data-end=\"3359\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>Level 4\u20137<\/strong> \u2013 intended for confidential and particularly sensitive data; the higher the number, the smaller the fragments, e.g. microscopic pieces, which make it impossible to reconstruct the content.<\/p><\/li><\/ul><p data-start=\"3574\" data-end=\"3613\">For example, for paper media:<\/p><ul data-start=\"3614\" data-end=\"3877\"><li data-start=\"3614\" data-end=\"3660\"><p data-start=\"3616\" data-end=\"3660\"><strong data-start=\"3616\" data-end=\"3623\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>P-1<\/strong> \u2013 strips up to approx. 12 mm wide,<\/p><\/li><li data-start=\"3661\" data-end=\"3725\"><p data-start=\"3663\" data-end=\"3725\"><strong data-start=\"3663\" data-end=\"3670\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>P-5<\/strong> \u2013 very small fragments with an area of up to approx. 30 mm\u00b2,<\/p><\/li><li data-start=\"3726\" data-end=\"3877\"><p data-start=\"3728\" data-end=\"3877\"><strong data-start=\"3728\" data-end=\"3735\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>P-7<\/strong> \u2013 the smallest fragments with an area of approximately 5 mm\u00b2 or smaller \u2013 used for highly confidential data.<\/p><\/li><\/ul><p data-start=\"3879\" data-end=\"4110\">For electronic media or HDDs, the levels define the minimum fragmentation or deformation parameters required for a given protection class, so that data recovery is practically impossible.<\/p><h3 data-start=\"4117\" data-end=\"4174\">How it works in practice \u2013 an example for IT equipment<\/h3><p data-start=\"4176\" data-end=\"4584\">In the context of IT equipment disposal, the standard helps to determine, <strong data-start=\"4234\" data-end=\"4310\">how small fragments need to be obtained to meet safety requirements<\/strong>. For example, for sensitive media (e.g. HDD or memory cards containing customer personal data) a level of <strong data-start=\"4440\" data-end=\"4453\">H-4 and above<\/strong>, which generates fragments of data that are difficult to recreate without a specialized laboratory.<\/p><p data-start=\"4586\" data-end=\"4882\">Establishing the appropriate level of security after data analysis means that a company can demonstrate with a high degree of certainty that the destruction process was in line with a recognised global standard \u2013 which also has <strong data-start=\"4786\" data-end=\"4817\">audit and legal significance<\/strong> (e.g. in the context of GDPR).<\/p><h3 data-start=\"4889\" data-end=\"4946\">Why ISO\/IEC 21964 matters to businesses<\/h3><p data-start=\"4948\" data-end=\"5044\">ISO\/IEC 21964 provides more than just technical guidance on media fragmentation. This standard:<\/p><ul data-start=\"5045\" data-end=\"5401\"><li data-start=\"5045\" data-end=\"5124\"><p data-start=\"5047\" data-end=\"5124\">\u2022 helps <strong data-start=\"5054\" data-end=\"5121\">categorize data and media according to confidentiality and risk levels<\/strong>,<\/p><\/li><li data-start=\"5125\" data-end=\"5184\"><p data-start=\"5127\" data-end=\"5184\">\u2022 indicates optimal <strong data-start=\"5146\" data-end=\"5181\">technical parameters of destruction<\/strong>,<\/p><\/li><li data-start=\"5185\" data-end=\"5265\"><p data-start=\"5187\" data-end=\"5265\">\u2022 creates the basis for <strong data-start=\"5206\" data-end=\"5262\">documenting and justifying security activities<\/strong>,<\/p><\/li><li data-start=\"5266\" data-end=\"5401\"><p data-start=\"5268\" data-end=\"5401\">\u2022 facilitates compliance with audit requirements and personal data protection regulations.<\/p><\/li><\/ul><p data-start=\"5403\" data-end=\"5601\">For companies planning to dispose of IT equipment, this standard provides an independent point of reference \u2013 both when they carry out the process themselves and when they outsource it to an external service provider.<\/p><p data-start=\"5633\" data-end=\"6141\"><strong data-start=\"5633\" data-end=\"5670\">ISO\/IEC 21964 (formerly DIN 66399)<\/strong> This comprehensive standard describes how to classify data according to its confidentiality, how to define media categories, and what security levels to apply during physical data destruction. Applying this standard in practice helps companies establish secure, best-practice disposal processes for IT equipment and other data media \u2013 a key issue not only technically but also from an audit and legal perspective.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9deb9b5 elementor-widget elementor-widget-image\" data-id=\"9deb9b5\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"801\" height=\"301\" src=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/ISO-21964-ciemne-1.webp\" class=\"attachment-full size-full wp-image-11998\" alt=\"ISO 21964\" srcset=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/ISO-21964-ciemne-1.webp 801w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/ISO-21964-ciemne-1-300x113.webp 300w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/ISO-21964-ciemne-1-768x289.webp 768w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/ISO-21964-ciemne-1-18x7.webp 18w\" sizes=\"(max-width: 801px) 100vw, 801px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0b4f445 elementor-widget elementor-widget-image\" data-id=\"0b4f445\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"203\" height=\"192\" src=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/P-7.gif\" class=\"attachment-full size-full wp-image-11999\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f2d40c6 elementor-widget elementor-widget-text-editor\" data-id=\"f2d40c6\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"regulacje-i-obowiazki-firm-w-pl-i-ue\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"0\" data-end=\"70\">Regulations and obligations of companies in Poland and the EU \u2013 GDPR, e-waste, BDO<\/h2><p data-start=\"72\" data-end=\"460\">The process of disposing of IT equipment is not only about the technical aspects of secure data removal \u2013 companies must also take care of <strong data-start=\"197\" data-end=\"247\">compliance with applicable legal regulations<\/strong> both regarding personal data protection and environmental protection. Below you will find <strong data-start=\"339\" data-end=\"375\">compact and specific overview<\/strong> the most important requirements that apply to entrepreneurs in Poland and the European Union.<\/p><h3 data-start=\"467\" data-end=\"544\">GDPR \u2013 obligation to permanently delete data, also at the disposal stage<\/h3><p data-start=\"546\" data-end=\"1229\"><strong data-start=\"546\" data-end=\"583\">GDPR (EU Regulation 2016\/679)<\/strong> imposes on companies the obligation to use technical and organizational measures to ensure <strong data-start=\"674\" data-end=\"750\">an appropriate level of personal data security, taking into account the risk<\/strong> for the rights and freedoms of data subjects. In practice, this also means that <strong data-start=\"833\" data-end=\"915\">data deletion from media before disposal must be effective and verified<\/strong> \u2013 so as to prevent unauthorized access or recovery of information after the equipment is returned. The GDPR does not provide specific methods, but clearly requires that the data be <strong data-start=\"1081\" data-end=\"1148\">permanently deleted in accordance with the principles of processing security<\/strong> and so that the administrator can document it.<\/p><p data-start=\"1231\" data-end=\"1255\">Key consequences:<\/p><ul data-start=\"1256\" data-end=\"1523\"><li data-start=\"1256\" data-end=\"1369\"><p data-start=\"1258\" data-end=\"1369\">\u2022 The data controller must demonstrate that he has taken <strong data-start=\"1303\" data-end=\"1325\">appropriate measures<\/strong> deleting data before disposing of equipment.<\/p><\/li><li data-start=\"1370\" data-end=\"1523\"><p data-start=\"1372\" data-end=\"1523\">\u2022 Lack of proper sanitation procedure may result in <strong data-start=\"1424\" data-end=\"1475\">liability for data protection violations<\/strong>, regardless of the subsequent disposal of the equipment.<\/p><\/li><\/ul><h3 data-start=\"1530\" data-end=\"1613\">Electronic waste and the WEEE directive \u2013 the EU framework and the obligations of Member States<\/h3><p data-start=\"1615\" data-end=\"2065\">At the EU level it applies <strong data-start=\"1646\" data-end=\"1730\">WEEE Directive (Waste Electrical and Electronic Equipment Directive, 2012\/19\/EU)<\/strong> \u2013 a legal act that forces member states to organize <strong data-start=\"1796\" data-end=\"1873\">systems for collecting, processing, recycling and disposing of e-waste<\/strong>. E-waste is electrical and electronic devices that have become <strong data-start=\"1948\" data-end=\"1979\">are useless and are thrown away<\/strong>, e.g. computers, monitors, telephones or routers.<\/p><p data-start=\"2067\" data-end=\"2098\">The WEEE Directive assumes, among other things:<\/p><ul data-start=\"2099\" data-end=\"2413\"><li data-start=\"2099\" data-end=\"2215\"><p data-start=\"2101\" data-end=\"2215\">\u2022 duty <strong data-start=\"2111\" data-end=\"2182\">organization and financing of the collection and processing of used equipment<\/strong> from producers or importers,<\/p><\/li><li data-start=\"2216\" data-end=\"2308\"><p data-start=\"2218\" data-end=\"2308\">\u2022 achieving specific <strong data-start=\"2240\" data-end=\"2275\">collection and recycling levels<\/strong> for various categories of equipment,<\/p><\/li><li data-start=\"2309\" data-end=\"2413\"><p data-start=\"2311\" data-end=\"2413\">\u2022 keeping records and reporting the quantity of equipment introduced to the market and sent for recycling.<\/p><\/li><\/ul><p data-start=\"2415\" data-end=\"2677\">Although WEEE is a directive (i.e. the EU legal framework), in Poland its provisions are implemented by <strong data-start=\"2518\" data-end=\"2541\">national legal acts<\/strong>, which impose specific obligations on entrepreneurs participating in the electronic equipment market or generating e-waste.<\/p><h3 data-start=\"2684\" data-end=\"2741\">BDO \u2013 waste records and entrepreneur&#039;s obligations<\/h3><p data-start=\"2743\" data-end=\"3029\">In Poland, the superior system for <strong data-start=\"2783\" data-end=\"2829\">waste management, including e-waste<\/strong>, Is <strong data-start=\"2836\" data-end=\"2912\">BDO \u2013 Database on Products, Packaging and Waste Management<\/strong>, which results from, among others, <strong data-start=\"2935\" data-end=\"2956\">Waste Act<\/strong> and the Act on Electronic Waste (WEEE).<\/p><h4 data-start=\"3031\" data-end=\"3059\">Who must work in BDO?<\/h4><p data-start=\"3060\" data-end=\"3337\">If a company introduces electrical and electronic equipment to the market, generates waste other than municipal waste (e.g. e-waste) or intends to dispose of it, it is often <strong data-start=\"3230\" data-end=\"3298\">must register in the BDO system and obtain a registration number<\/strong>.<\/p><h4 data-start=\"3339\" data-end=\"3370\">Obligations of companies in practice<\/h4><ul data-start=\"3371\" data-end=\"4155\"><li data-start=\"3371\" data-end=\"3529\"><p data-start=\"3373\" data-end=\"3529\"><strong data-start=\"3373\" data-end=\"3394\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>Registration with BDO<\/strong> \u2013 the entity generating waste or managing equipment must have an account with a registration number.<\/p><\/li><li data-start=\"3530\" data-end=\"3720\"><p data-start=\"3532\" data-end=\"3720\"><strong data-start=\"3532\" data-end=\"3553\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>Waste records<\/strong> \u2013 obligation to keep electronic records of waste quantity and quality in the BDO account, with appropriate waste codes.<\/p><\/li><li data-start=\"3721\" data-end=\"3959\"><p data-start=\"3723\" data-end=\"3959\"><strong data-start=\"3723\" data-end=\"3749\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>Accompanying documents<\/strong> \u2013 each transfer of e-waste to a professional recipient must be documented <strong data-start=\"3840\" data-end=\"3874\">Waste Transfer Note (WTP)<\/strong> or other documents provided for in BDO.<\/p><\/li><li data-start=\"3960\" data-end=\"4155\"><p data-start=\"3962\" data-end=\"4155\"><strong data-start=\"3962\" data-end=\"4005\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>Transfer only to authorized recipient<\/strong> \u2013 used equipment should be sent to entities with appropriate permits that maintain their own records in BDO.<\/p><\/li><\/ul><h4 data-start=\"4157\" data-end=\"4182\">Penalties and consequences<\/h4><p data-start=\"4183\" data-end=\"4457\">Lack of registration, lack of records, incorrect documents or handing over of electronic waste to an unauthorized entity <strong data-start=\"4294\" data-end=\"4358\">may result in administrative penalties (high fines)<\/strong> and problems during environmental inspections or audits.<\/p><h3 data-start=\"4464\" data-end=\"4498\">How does this fit together in practice?<\/h3><p data-start=\"4500\" data-end=\"4600\">For a company disposing of IT equipment, there are often three areas of responsibility simultaneously:<\/p><ul data-start=\"4601\" data-end=\"4796\"><li data-start=\"4601\" data-end=\"4651\"><p data-start=\"4603\" data-end=\"4651\"><strong data-start=\"4603\" data-end=\"4648\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>secure data deletion in accordance with GDPR<\/strong>,<\/p><\/li><li data-start=\"4652\" data-end=\"4737\"><p data-start=\"4654\" data-end=\"4737\"><strong data-start=\"4654\" data-end=\"4734\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>handing over the equipment as electronic waste in accordance with WEEE and national regulations<\/strong>,<\/p><\/li><li data-start=\"4738\" data-end=\"4796\"><p data-start=\"4740\" data-end=\"4796\"><strong data-start=\"4740\" data-end=\"4795\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>keeping records and documentation in the BDO system<\/strong>.<\/p><\/li><\/ul><p data-start=\"4798\" data-end=\"5039\">This means that the disposal process should be planned to meet all these requirements \u2013 not only to secure data, but also to comply with environmental protection and waste accounting laws.<\/p><p data-start=\"4798\" data-end=\"5039\">To sum up:<\/p><ul data-start=\"5067\" data-end=\"5753\"><li data-start=\"5067\" data-end=\"5285\"><p data-start=\"5069\" data-end=\"5285\"><strong data-start=\"5069\" data-end=\"5077\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>GDPR<\/strong> imposes the obligation to permanently delete data from media before they are disposed of \u2013 this is a matter of information security and compliance with personal data protection.<\/p><\/li><li data-start=\"5286\" data-end=\"5530\"><p data-start=\"5288\" data-end=\"5530\"><strong data-start=\"5288\" data-end=\"5311\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>WEEE Directive (EU)<\/strong> and its implementation in Poland means that electronic equipment <strong data-start=\"5379\" data-end=\"5423\">cannot be thrown away like regular garbage<\/strong> \u2013 companies must take care of its collection, recycling or disposal.<\/p><\/li><li data-start=\"5531\" data-end=\"5753\"><p data-start=\"5533\" data-end=\"5753\"><strong data-start=\"5533\" data-end=\"5540\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>BDO<\/strong> is a central waste registration system in Poland \u2013 registration, recording and documenting the flow of electronic waste is a condition for the proper disposal of IT equipment.<\/p><\/li><\/ul><p data-start=\"5755\" data-end=\"5901\">This comprehensive approach allows the company not only <strong data-start=\"5808\" data-end=\"5842\">secure data and the environment<\/strong>, but also <strong data-start=\"5852\" data-end=\"5900\">avoid the risk of fines and problems during inspections<\/strong>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2b6eaff elementor-widget elementor-widget-image\" data-id=\"2b6eaff\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1280\" height=\"853\" src=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bdo-elektrosmieci-pomoc-it.webp\" class=\"attachment-full size-full wp-image-12001\" alt=\"\" srcset=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bdo-elektrosmieci-pomoc-it.webp 1280w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bdo-elektrosmieci-pomoc-it-300x200.webp 300w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bdo-elektrosmieci-pomoc-it-1024x682.webp 1024w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bdo-elektrosmieci-pomoc-it-768x512.webp 768w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bdo-elektrosmieci-pomoc-it-18x12.webp 18w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-53f4e72 elementor-widget elementor-widget-text-editor\" data-id=\"53f4e72\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"raport-audyt-it\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"0\" data-end=\"99\">What does a secure IT disposal process look like step by step (from inventory to certification)<\/h2><h3 data-start=\"570\" data-end=\"614\">1) Equipment inventory and classification<\/h3><p data-start=\"616\" data-end=\"939\">The first step is <strong data-start=\"639\" data-end=\"704\">complete identification of devices intended for disposal<\/strong>. Record the model, serial number, location, data sensitivity, and equipment suitability assessment (whether it is suitable for reuse, sale, recycling, or safe disposal).<\/p><p data-start=\"941\" data-end=\"966\"><strong data-start=\"941\" data-end=\"964\">Key activities:<\/strong><\/p><ul data-start=\"967\" data-end=\"1179\"><li data-start=\"967\" data-end=\"1039\"><p data-start=\"969\" data-end=\"1039\">\u2022 Create a detailed equipment list with unique identifiers.<\/p><\/li><li data-start=\"1040\" data-end=\"1113\"><p data-start=\"1042\" data-end=\"1113\">\u2022 Determining the level of confidentiality of data on devices.<\/p><\/li><li data-start=\"1114\" data-end=\"1179\"><p data-start=\"1116\" data-end=\"1179\">\u2022 Registering equipment in the IT asset management system (ITAM).<\/p><\/li><\/ul><h3 data-start=\"1186\" data-end=\"1218\">2) Planning and risk assessment<\/h3><p data-start=\"1220\" data-end=\"1474\">Based on the inventory, an inventory is created. <strong data-start=\"1259\" data-end=\"1277\">action plan<\/strong>, including data disposal and destruction methods adapted to the type of media and the level of confidentiality of the information, as well as an assessment of the risk associated with each device.<\/p><p data-start=\"1476\" data-end=\"1501\"><strong data-start=\"1476\" data-end=\"1499\">Key activities:<\/strong><\/p><ul data-start=\"1502\" data-end=\"1691\"><li data-start=\"1502\" data-end=\"1571\"><p data-start=\"1504\" data-end=\"1571\">\u2022 Determining sanitization methods for disks, SSDs, flash memory, etc.<\/p><\/li><li data-start=\"1572\" data-end=\"1615\"><p data-start=\"1574\" data-end=\"1615\">\u2022 Schedule of activities and transport rules.<\/p><\/li><li data-start=\"1616\" data-end=\"1691\"><p data-start=\"1618\" data-end=\"1691\">\u2022 Assess which devices can be safely resold or donated.<\/p><\/li><\/ul><h3 data-start=\"1698\" data-end=\"1737\">3) Backup and migration of important data<\/h3><p data-start=\"1739\" data-end=\"1958\">Before the secure data deletion process begins, a <strong data-start=\"1810\" data-end=\"1870\">backups of information that is still needed<\/strong>, and migration to a new environment or archive.<\/p><p data-start=\"1960\" data-end=\"1985\"><strong data-start=\"1960\" data-end=\"1983\">Key activities:<\/strong><\/p><ul data-start=\"1986\" data-end=\"2092\"><li data-start=\"1986\" data-end=\"2031\"><p data-start=\"1988\" data-end=\"2031\">\u2022 <a href=\"https:\/\/prosteit.pl\/en\/data-backup-frequency-company-costs\/\">Data backup<\/a> business and operational.<\/p><\/li><li data-start=\"2032\" data-end=\"2092\"><p data-start=\"2034\" data-end=\"2092\">\u2022 Confirmation of the integrity of saved data after migration.<\/p><\/li><\/ul><h3>4) Data deletion (sanitization\/destruction)<\/h3><p data-start=\"2150\" data-end=\"2442\">This <strong data-start=\"2153\" data-end=\"2175\">the most important stage<\/strong>, in which data is permanently eliminated from media in accordance with agreed methods (certified data erasure, demagnetization or physical destruction). The aim is <strong data-start=\"2341\" data-end=\"2403\">ensuring that data cannot be recovered by any technique<\/strong>.<\/p><p data-start=\"2444\" data-end=\"2471\"><strong data-start=\"2444\" data-end=\"2469\">Example techniques:<\/strong><\/p><ul data-start=\"2472\" data-end=\"2728\"><li data-start=\"2472\" data-end=\"2555\"><p data-start=\"2474\" data-end=\"2555\">\u2022 Software for secure data deletion (overwriting, <em data-start=\"2537\" data-end=\"2551\">crypto erase<\/em>).<\/p><\/li><li data-start=\"2556\" data-end=\"2629\"><p data-start=\"2558\" data-end=\"2629\">\u2022 Demagnetization (degaussing) \u2013 demagnetization of magnetic media.<\/p><\/li><li data-start=\"2630\" data-end=\"2683\"><p data-start=\"2632\" data-end=\"2683\">\u2022 Physical destruction of media (cutting, crushing).<\/p><\/li><li data-start=\"2684\" data-end=\"2728\"><p data-start=\"2686\" data-end=\"2728\">\u2022 Verification of the effect using auditable methods.<\/p><\/li><\/ul><h3 data-start=\"2735\" data-end=\"2788\">5) Transport and chain of custody<\/h3><p data-start=\"2790\" data-end=\"3056\">Equipment intended for disposal or recycling should be <strong data-start=\"2851\" data-end=\"2943\">transported in a controlled manner and provided with chain of responsibility documentation<\/strong>, so that each movement is documented and auditable.<\/p><p data-start=\"3058\" data-end=\"3083\"><strong data-start=\"3058\" data-end=\"3081\">Key activities:<\/strong><\/p><ul data-start=\"3084\" data-end=\"3213\"><li data-start=\"3084\" data-end=\"3138\"><p data-start=\"3086\" data-end=\"3138\">\u2022 Securing equipment in sealed containers.<\/p><\/li><li data-start=\"3139\" data-end=\"3213\"><p data-start=\"3141\" data-end=\"3213\">\u2022 Recording the transfer of devices with the signatures of the responsible persons.<\/p><\/li><\/ul><h3 data-start=\"3220\" data-end=\"3271\">6) Segregation and recycling \/ physical disposal<\/h3><p data-start=\"3273\" data-end=\"3624\">After deletion of data, it is <strong data-start=\"3303\" data-end=\"3341\">segregation of hardware components<\/strong>: components suitable for reuse, recycling, or safe disposal. In this step, specialists separate metals, plastics, batteries, and other parts in accordance with environmental protection principles and e-waste regulations.<\/p><p data-start=\"3626\" data-end=\"3651\"><strong data-start=\"3626\" data-end=\"3649\">Key activities:<\/strong><\/p><ul data-start=\"3652\" data-end=\"3786\"><li data-start=\"3652\" data-end=\"3706\"><p data-start=\"3654\" data-end=\"3706\">\u2022 Separation of recyclable materials.<\/p><\/li><li data-start=\"3707\" data-end=\"3786\"><p data-start=\"3709\" data-end=\"3786\">\u2022 Protection and disposal of hazardous elements (e.g. batteries, toners).<\/p><\/li><\/ul><h3 data-start=\"3793\" data-end=\"3827\">7) Documentation and certification<\/h3><p data-start=\"3829\" data-end=\"4226\">At the end of the process, the recycling company should deliver <strong data-start=\"3884\" data-end=\"3940\">full documentation confirming the activities performed<\/strong>, including data destruction certificates, sanitization protocols, and documents required by waste management regulations (e.g., waste transfer notes). This is a key element for both GDPR compliance and internal and external audits.<\/p><p data-start=\"4228\" data-end=\"4253\"><strong data-start=\"4228\" data-end=\"4251\">Key activities:<\/strong><\/p><ul data-start=\"4254\" data-end=\"4465\"><li data-start=\"4254\" data-end=\"4335\"><p data-start=\"4256\" data-end=\"4335\">\u2022 Certificate confirming the deletion of data or physical destruction of media.<\/p><\/li><li data-start=\"4336\" data-end=\"4396\"><p data-start=\"4338\" data-end=\"4396\">\u2022 Report on the transfer of electronic waste to an authorized recipient.<\/p><\/li><li data-start=\"4397\" data-end=\"4465\"><p data-start=\"4399\" data-end=\"4465\">\u2022 Any documents confirming recycling or recovery of raw materials.<\/p><\/li><\/ul><p data-start=\"4472\" data-end=\"4880\"><strong data-start=\"4475\" data-end=\"4500\">Process Summary:<\/strong><br data-start=\"4500\" data-end=\"4503\" \/>Secure IT disposal is <strong data-start=\"4531\" data-end=\"4579\">cyclical and fully documented procedure<\/strong>, which begins with asset identification, continues with planning and data disposal, and continues with recycling and certification. This structured process minimizes the risk of information leakage, meets regulatory requirements, and provides the company with solid evidence of compliance and professionalism.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b6eec93 elementor-widget elementor-widget-image\" data-id=\"b6eec93\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1536\" height=\"1024\" src=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bezpieczny-proces-utylizacji-sprzetu-it.webp\" class=\"attachment-full size-full wp-image-12002\" alt=\"Secure data deletion in the company, IT disposal for companies O\u017car\u00f3w Mazowiecki\" srcset=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bezpieczny-proces-utylizacji-sprzetu-it.webp 1536w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bezpieczny-proces-utylizacji-sprzetu-it-300x200.webp 300w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bezpieczny-proces-utylizacji-sprzetu-it-1024x683.webp 1024w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bezpieczny-proces-utylizacji-sprzetu-it-768x512.webp 768w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/bezpieczny-proces-utylizacji-sprzetu-it-18x12.webp 18w\" sizes=\"(max-width: 1536px) 100vw, 1536px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c53cd24 elementor-widget elementor-widget-text-editor\" data-id=\"c53cd24\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"audyt-it-proste-it\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"0\" data-end=\"72\">How to choose a contractor so as not to buy &quot;paper without security&quot;\u201e<\/h2><p data-start=\"74\" data-end=\"545\">Choosing a partner for IT equipment disposal is <strong data-start=\"117\" data-end=\"152\">a decision with a high risk burden<\/strong> \u2013 both cybersecurity and regulatory compliance. A bad contractor may only provide a declaration without real security measures or a certificate that <strong data-start=\"319\" data-end=\"363\">there is no coverage in the audited processes<\/strong>. Below you will find <strong data-start=\"384\" data-end=\"428\">a condensed list of key criteria<\/strong>, that help distinguish <strong data-start=\"454\" data-end=\"506\">a reliable service provider from a &quot;paper supplier&quot;\u201e<\/strong>.<\/p><h3 data-start=\"552\" data-end=\"611\">1) Data erasure certificates are the foundation<\/h3><p data-start=\"613\" data-end=\"746\">A declaration of &quot;compliance with standards&quot; is not enough - check whether the supplier <strong data-start=\"684\" data-end=\"745\">has formal certificates confirming audited processes<\/strong>.<\/p><ul data-start=\"748\" data-end=\"1339\"><li data-start=\"748\" data-end=\"916\"><p data-start=\"750\" data-end=\"916\"><strong data-start=\"750\" data-end=\"762\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>NAID AAA<\/strong> \u2013 the global standard for secure data destruction services; audits processes, equipment, procedures and documentation.<\/p><\/li><li data-start=\"917\" data-end=\"1144\"><p data-start=\"919\" data-end=\"1144\"><strong data-start=\"919\" data-end=\"951\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>R2v3 (Responsible Recycling)<\/strong> \u2013 a certificate for electronics recycling organizations, covering data sanitization, working with subcontractors and environmental management.<\/p><\/li><li data-start=\"1145\" data-end=\"1339\"><p data-start=\"1147\" data-end=\"1339\"><strong data-start=\"1147\" data-end=\"1160\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>ISO 27001<\/strong> \u2013 confirms that the contractor has an information security management system in place (e.g. policies, access controls, documentation processes).<\/p><\/li><\/ul><p data-start=\"1341\" data-end=\"1488\">These certificates are proof that the company <strong data-start=\"1377\" data-end=\"1449\">not only knows the standards, but actually implements them and undergoes audits<\/strong>.<\/p><h3 data-start=\"1495\" data-end=\"1567\">2) Chain of custody \u2013 essential for security<\/h3><p data-start=\"1569\" data-end=\"1678\">Ask about procedures for <strong data-start=\"1598\" data-end=\"1660\">equipment supervision chain from receipt to destruction<\/strong>. If the contractor:<\/p><ul data-start=\"1680\" data-end=\"1807\"><li data-start=\"1680\" data-end=\"1725\"><p data-start=\"1682\" data-end=\"1725\">\u2022 seals and secures the equipment upon receipt,<\/p><\/li><li data-start=\"1726\" data-end=\"1776\"><p data-start=\"1728\" data-end=\"1776\">\u2022 tracks it with serial numbers at every stage,<\/p><\/li><li data-start=\"1777\" data-end=\"1807\"><p data-start=\"1779\" data-end=\"1807\">\u2022 will document each transfer,<\/p><\/li><\/ul><p data-start=\"1809\" data-end=\"2071\">This significantly reduces the risk of data media being lost, stolen, or accidentally leaked. It is the lack of such evidence that often causes companies to <strong data-start=\"1971\" data-end=\"2032\">formally they cannot prove compliance with GDPR or audit<\/strong>.<\/p><h3 data-start=\"2078\" data-end=\"2127\">3) Documentation and certificate of service performance<\/h3><p data-start=\"2129\" data-end=\"2309\">A good contractor must provide you <strong data-start=\"2164\" data-end=\"2199\">protocol\/proof of data deletion<\/strong> on the level <strong data-start=\"2212\" data-end=\"2236\">single carrier<\/strong> (e.g. with the disk serial number). The documents should clearly describe:<\/p><ul data-start=\"2311\" data-end=\"2521\"><li data-start=\"2311\" data-end=\"2395\"><p data-start=\"2313\" data-end=\"2395\">\u2022 what method was used (e.g. purging, physical destruction according to NIST 800-88),<\/p><\/li><li data-start=\"2396\" data-end=\"2446\"><p data-start=\"2398\" data-end=\"2446\">\u2022 what standard\/certificate is the basis for the action,<\/p><\/li><li data-start=\"2447\" data-end=\"2521\"><p data-start=\"2449\" data-end=\"2521\">\u2022 who, when and how performed the operation.<\/p><\/li><\/ul><p data-start=\"2523\" data-end=\"2630\">Such a certificate is <strong data-start=\"2542\" data-end=\"2560\">audit evidence<\/strong>, which you can present in internal or external audits.<\/p><h3 data-start=\"2637\" data-end=\"2683\">4) Check compliance with technical standards<\/h3><p data-start=\"2685\" data-end=\"2776\">The service provider should work in accordance with <strong data-start=\"2725\" data-end=\"2768\">recognized data sanitization standards<\/strong>, e.g.:<\/p><ul data-start=\"2777\" data-end=\"3088\"><li data-start=\"2777\" data-end=\"2932\"><p data-start=\"2779\" data-end=\"2932\"><strong data-start=\"2779\" data-end=\"2797\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>NIST SP 800-88<\/strong> \u2013 defines the Clear, Purge, Destroy methods that help estimate the technical risk of the operation.<\/p><\/li><li data-start=\"2933\" data-end=\"3088\"><p data-start=\"2935\" data-end=\"3088\"><strong data-start=\"2935\" data-end=\"2964\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>ISO\/IEC 21964 \/ DIN 66399<\/strong> \u2013 determines the security levels of physical destruction of media (types of cuttings, etc.).<\/p><\/li><\/ul><p data-start=\"3090\" data-end=\"3235\">Make sure the contractor not only knows these standards, but <strong data-start=\"3144\" data-end=\"3196\">applies them in practice and can document it<\/strong>.<\/p><h3 data-start=\"3242\" data-end=\"3296\">5) Evaluation of subcontractors and the entire chain of proceedings<\/h3><p data-start=\"3298\" data-end=\"3468\">A professional partner not only performs the operations himself, but also <strong data-start=\"3363\" data-end=\"3417\">selects its subcontractors in accordance with procedures<\/strong> (e.g. recycling plants, transport). This means:<\/p><ul data-start=\"3470\" data-end=\"3641\"><li data-start=\"3470\" data-end=\"3509\"><p data-start=\"3472\" data-end=\"3509\">\u2022 thorough verification of subcontractors,<\/p><\/li><li data-start=\"3510\" data-end=\"3557\"><p data-start=\"3512\" data-end=\"3557\">\u2022 monitoring their certificates and compliance,<\/p><\/li><li data-start=\"3558\" data-end=\"3641\"><p data-start=\"3560\" data-end=\"3641\">\u2022 documenting the entire media flow.<\/p><\/li><\/ul><p data-start=\"3643\" data-end=\"3767\">The lack of such verification is a common reason why a nominally \u201ecertified\u201d process is actually not secure.<\/p><h3 data-start=\"3774\" data-end=\"3837\">6) Liability insurance and audit support<\/h3><p data-start=\"3839\" data-end=\"4032\">A good contractor should offer <strong data-start=\"3873\" data-end=\"3917\">liability insurance<\/strong> for damage caused during the disposal process, e.g. as a result of an error or incident.<\/p><p data-start=\"4034\" data-end=\"4212\">Additionally, services in which the partner is <strong data-start=\"4083\" data-end=\"4170\">helps prepare documentation and answer audit or GDPR control questions<\/strong> \u2013 this significantly increases the value of cooperation.<\/p><h3 data-start=\"4219\" data-end=\"4265\">Key questions for a potential contractor<\/h3><p data-start=\"4267\" data-end=\"4309\">Before you sign a contract, it is worth asking questions such as:<\/p><ul data-start=\"4310\" data-end=\"4747\"><li data-start=\"4310\" data-end=\"4371\"><p data-start=\"4312\" data-end=\"4371\">\u2022 What certificates does the company have and can you see them?<\/p><\/li><li data-start=\"4372\" data-end=\"4426\"><p data-start=\"4374\" data-end=\"4426\">\u2022 How does it document the equipment chain of custody?<\/p><\/li><li data-start=\"4427\" data-end=\"4506\"><p data-start=\"4429\" data-end=\"4506\">\u2022 Does it issue a certificate of destruction with unique media identifiers?<\/p><\/li><li data-start=\"4507\" data-end=\"4574\"><p data-start=\"4509\" data-end=\"4574\">\u2022 What data sanitization standards does it use and how does it verify them?<\/p><\/li><li data-start=\"4575\" data-end=\"4635\"><p data-start=\"4577\" data-end=\"4635\">\u2022 How do subcontractors and their certificates get verified?<\/p><\/li><li data-start=\"4636\" data-end=\"4747\"><p data-start=\"4638\" data-end=\"4747\">\u2022 Does it offer liability insurance and audit support?<\/p><\/li><\/ul><p data-start=\"4771\" data-end=\"5186\">To sum up,<\/p><p data-start=\"4771\" data-end=\"5186\">When choosing a data disposal and secure deletion contractor, <strong data-start=\"4835\" data-end=\"4887\">don&#039;t just look at declarations and general promises<\/strong> - search <strong data-start=\"4897\" data-end=\"4991\">specifics: certificates, documented processes, equipment tracking and audit evidence<\/strong>. Only then can you be truly certain that the process is safe, compliant with regulations, and based on international standards, not just &quot;paper assurances.&quot;.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-62db9aa elementor-widget elementor-widget-heading\" data-id=\"62db9aa\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"najczesciej-zadawane-pytania\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><span style=\"font-size: 24px\">Frequently asked questions<\/span><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t<div data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-element elementor-element-db6d240 e-flex e-con-boxed e-con e-parent\" data-id=\"db6d240\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;ekit_has_onepagescroll_dot&quot;:&quot;yes&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-771bc5a elementor-widget elementor-widget-elementskit-accordion\" data-id=\"771bc5a\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"elementskit-accordion.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"ekit-wid-con\" >\n        <div class=\"elementskit-accordion accoedion-primary side-curve\" id=\"accordion-69dc699208e6a\">\n\n            \n                <div class=\"elementskit-card active\">\n                    <div class=\"elementskit-card-header\" id=\"primaryHeading-0-771bc5a\">\n                        <a href=\"#collapse-0c8ca2069dc699208e6a\" class=\"ekit-accordion--toggler elementskit-btn-link collapsed\" data-ekit-toggle=\"collapse\" data-target=\"#Collapse-0c8ca2069dc699208e6a\" aria-expanded=\"true\" aria-controls=\"Collapse-0c8ca2069dc699208e6a\">\n                            \n                            <span class=\"ekit-accordion-title\">Is it necessary to delete personal data from computers before disposal in accordance with GDPR?<\/span>\n\n                            \n                                <div class=\"ekit_accordion_icon_group\">\n                                    <div class=\"ekit_accordion_normal_icon\">\n                                        <!-- Normal Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-down-arrow1\"><\/i>                                    <\/div>\n\n                                    <div class=\"ekit_accordion_active_icon\">\n                                        <!-- Active Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-up-arrow\"><\/i>                                    <\/div>\n                                <\/div>\n\n                            \n                                                    <\/a>\n                    <\/div>\n\n                    <div id=\"Collapse-0c8ca2069dc699208e6a\" class=\"show collapse\" aria-labelledby=\"primaryHeading-0-771bc5a\" data-parent=\"#accordion-69dc699208e6a\">\n\n                        <div class=\"elementskit-card-body ekit-accordion--content\">\n                            <p>Yes \u2013 if the equipment contains personal data (e.g. customers, employees), it must be <strong>permanently delete or destroy them so that they cannot be recovered<\/strong> in accordance with the principle of storage limitation and data minimization. Standard file deletion or formatting <strong>is not always enough<\/strong>, because the data may remain on the medium and be recovered using specialized tools.<\/p>                        <\/div>\n\n                    <\/div>\n\n                <\/div><!-- .elementskit-card END -->\n\n                \n                <div class=\"elementskit-card\">\n                    <div class=\"elementskit-card-header\" id=\"primaryHeading-1-771bc5a\">\n                        <a href=\"#collapse-9cdc47c69dc699208e6a\" class=\"ekit-accordion--toggler elementskit-btn-link collapsed\" data-ekit-toggle=\"collapse\" data-target=\"#Collapse-9cdc47c69dc699208e6a\" aria-expanded=\"false\" aria-controls=\"Collapse-9cdc47c69dc699208e6a\">\n                            \n                            <span class=\"ekit-accordion-title\">Is formatting the drive enough before recycling the equipment?<\/span>\n\n                            \n                                <div class=\"ekit_accordion_icon_group\">\n                                    <div class=\"ekit_accordion_normal_icon\">\n                                        <!-- Normal Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-down-arrow1\"><\/i>                                    <\/div>\n\n                                    <div class=\"ekit_accordion_active_icon\">\n                                        <!-- Active Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-up-arrow\"><\/i>                                    <\/div>\n                                <\/div>\n\n                            \n                                                    <\/a>\n                    <\/div>\n\n                    <div id=\"Collapse-9cdc47c69dc699208e6a\" class=\"collapse\" aria-labelledby=\"primaryHeading-1-771bc5a\" data-parent=\"#accordion-69dc699208e6a\">\n\n                        <div class=\"elementskit-card-body ekit-accordion--content\">\n                            <p>No. Only <strong>permanent data sanitization<\/strong> \u2013 for example, overwriting in accordance with standards (such as NIST 800-88) or physically destroying the media \u2013 ensures that the data cannot be recovered. Formatting leaves the data on the media in a form that can be reconstructed by advanced tools.<\/p>                        <\/div>\n\n                    <\/div>\n\n                <\/div><!-- .elementskit-card END -->\n\n                \n                <div class=\"elementskit-card\">\n                    <div class=\"elementskit-card-header\" id=\"primaryHeading-2-771bc5a\">\n                        <a href=\"#collapse-f41ff4569dc699208e6a\" class=\"ekit-accordion--toggler elementskit-btn-link collapsed\" data-ekit-toggle=\"collapse\" data-target=\"#Collapse-f41ff4569dc699208e6a\" aria-expanded=\"false\" aria-controls=\"Collapse-f41ff4569dc699208e6a\">\n                            \n                            <span class=\"ekit-accordion-title\">What documents should I receive from the contractor after data deletion?<\/span>\n\n                            \n                                <div class=\"ekit_accordion_icon_group\">\n                                    <div class=\"ekit_accordion_normal_icon\">\n                                        <!-- Normal Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-down-arrow1\"><\/i>                                    <\/div>\n\n                                    <div class=\"ekit_accordion_active_icon\">\n                                        <!-- Active Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-up-arrow\"><\/i>                                    <\/div>\n                                <\/div>\n\n                            \n                                                    <\/a>\n                    <\/div>\n\n                    <div id=\"Collapse-f41ff4569dc699208e6a\" class=\"collapse\" aria-labelledby=\"primaryHeading-2-771bc5a\" data-parent=\"#accordion-69dc699208e6a\">\n\n                        <div class=\"elementskit-card-body ekit-accordion--content\">\n                            <p>A professional contractor should provide you with:<\/p><ul><li><p><strong>certificate or protocol of data deletion<\/strong>,<\/p><\/li><li><p>confirmation of the type of method used (e.g. overwriting or destruction),<\/p><\/li><li><p><strong>media serial number or other identifier<\/strong>,<\/p><\/li><li><p>documentation compliant with audits and possible GDPR controls.<\/p><\/li><\/ul><p>This gives you proof that the process was performed correctly and in accordance with good practices.<\/p>                        <\/div>\n\n                    <\/div>\n\n                <\/div><!-- .elementskit-card END -->\n\n                \n                <div class=\"elementskit-card\">\n                    <div class=\"elementskit-card-header\" id=\"primaryHeading-3-771bc5a\">\n                        <a href=\"#collapse-6c8790769dc699208e6a\" class=\"ekit-accordion--toggler elementskit-btn-link collapsed\" data-ekit-toggle=\"collapse\" data-target=\"#Collapse-6c8790769dc699208e6a\" aria-expanded=\"false\" aria-controls=\"Collapse-6c8790769dc699208e6a\">\n                            \n                            <span class=\"ekit-accordion-title\">Do I have to register my company with BDO if I dispose of IT equipment?<\/span>\n\n                            \n                                <div class=\"ekit_accordion_icon_group\">\n                                    <div class=\"ekit_accordion_normal_icon\">\n                                        <!-- Normal Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-down-arrow1\"><\/i>                                    <\/div>\n\n                                    <div class=\"ekit_accordion_active_icon\">\n                                        <!-- Active Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-up-arrow\"><\/i>                                    <\/div>\n                                <\/div>\n\n                            \n                                                    <\/a>\n                    <\/div>\n\n                    <div id=\"Collapse-6c8790769dc699208e6a\" class=\"collapse\" aria-labelledby=\"primaryHeading-3-771bc5a\" data-parent=\"#accordion-69dc699208e6a\">\n\n                        <div class=\"elementskit-card-body ekit-accordion--content\">\n                            <p>If your company <strong>generates non-municipal waste<\/strong> (e.g. e-waste from computers, phones, printers), it is usually <strong>you must register with BDO \u2013 Database of Products, Packaging and Waste Management<\/strong> and record the transfer of equipment for disposal or recycling.<\/p>                        <\/div>\n\n                    <\/div>\n\n                <\/div><!-- .elementskit-card END -->\n\n                \n                <div class=\"elementskit-card\">\n                    <div class=\"elementskit-card-header\" id=\"primaryHeading-4-771bc5a\">\n                        <a href=\"#collapse-cc1dd7a69dc699208e6a\" class=\"ekit-accordion--toggler elementskit-btn-link collapsed\" data-ekit-toggle=\"collapse\" data-target=\"#Collapse-cc1dd7a69dc699208e6a\" aria-expanded=\"false\" aria-controls=\"Collapse-cc1dd7a69dc699208e6a\">\n                            \n                            <span class=\"ekit-accordion-title\">How does the BDO system work and why is it important?<\/span>\n\n                            \n                                <div class=\"ekit_accordion_icon_group\">\n                                    <div class=\"ekit_accordion_normal_icon\">\n                                        <!-- Normal Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-down-arrow1\"><\/i>                                    <\/div>\n\n                                    <div class=\"ekit_accordion_active_icon\">\n                                        <!-- Active Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-up-arrow\"><\/i>                                    <\/div>\n                                <\/div>\n\n                            \n                                                    <\/a>\n                    <\/div>\n\n                    <div id=\"Collapse-cc1dd7a69dc699208e6a\" class=\"collapse\" aria-labelledby=\"primaryHeading-4-771bc5a\" data-parent=\"#accordion-69dc699208e6a\">\n\n                        <div class=\"elementskit-card-body ekit-accordion--content\">\n                            <p>BDO is the central <strong>waste registration system in Poland<\/strong>, which allows you to supervise how entrepreneurs <strong>they manage waste<\/strong> \u2013 from their creation to their transfer for recycling or disposal. If you do not register with BDO or do not maintain the required documentation, you may be exposed to <strong>high financial penalties<\/strong>, and activities related to the collection and disposal of waste may be considered illegal.<\/p>                        <\/div>\n\n                    <\/div>\n\n                <\/div><!-- .elementskit-card END -->\n\n                \n                <div class=\"elementskit-card\">\n                    <div class=\"elementskit-card-header\" id=\"primaryHeading-5-771bc5a\">\n                        <a href=\"#collapse-0897ce669dc699208e6a\" class=\"ekit-accordion--toggler elementskit-btn-link collapsed\" data-ekit-toggle=\"collapse\" data-target=\"#Collapse-0897ce669dc699208e6a\" aria-expanded=\"false\" aria-controls=\"Collapse-0897ce669dc699208e6a\">\n                            \n                            <span class=\"ekit-accordion-title\">What services can we offer for secure data deletion and IT equipment disposal?<\/span>\n\n                            \n                                <div class=\"ekit_accordion_icon_group\">\n                                    <div class=\"ekit_accordion_normal_icon\">\n                                        <!-- Normal Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-down-arrow1\"><\/i>                                    <\/div>\n\n                                    <div class=\"ekit_accordion_active_icon\">\n                                        <!-- Active Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-up-arrow\"><\/i>                                    <\/div>\n                                <\/div>\n\n                            \n                                                    <\/a>\n                    <\/div>\n\n                    <div id=\"Collapse-0897ce669dc699208e6a\" class=\"collapse\" aria-labelledby=\"primaryHeading-5-771bc5a\" data-parent=\"#accordion-69dc699208e6a\">\n\n                        <div class=\"elementskit-card-body ekit-accordion--content\">\n                            <p>We offer comprehensive support for companies \u2013 from <strong>equipment inventory<\/strong>, By <strong>certified data deletion in accordance with the best standards<\/strong>, until <strong>safe collection, disposal and BDO documentation<\/strong>. We provide full confirmation of completed activities, which you can use in audits, GDPR checks, or environmental reporting.<\/p>                        <\/div>\n\n                    <\/div>\n\n                <\/div><!-- .elementskit-card END -->\n\n                                                        <script type=\"application\/ld+json\">{\n    \"@context\": \"https:\\\/\\\/schema.org\",\n    \"@type\": \"FAQPage\",\n    \"mainEntity\": [\n        {\n            \"@type\": \"Question\",\n            \"name\": \"Czy trzeba usuwa\\u0107 dane osobowe z komputer\\u00f3w przed utylizacj\\u0105 zgodnie z RODO?\",\n            \"acceptedAnswer\": {\n                \"@type\": \"Answer\",\n                \"text\": \"<p>Tak \\u2013 je\\u017celi na sprz\\u0119cie znajduj\\u0105 si\\u0119 dane osobowe (np. klient\\u00f3w, pracownik\\u00f3w), nale\\u017cy je <strong>trwale usun\\u0105\\u0107 lub zniszczy\\u0107 tak, aby nie by\\u0142y mo\\u017cliwe do odzyskania<\\\/strong> zgodnie z zasad\\u0105 ograniczenia przechowywania i minimalizacji danych. Standardowe skasowanie plik\\u00f3w lub formatowanie <strong>nie zawsze wystarcza<\\\/strong>, bo dane mog\\u0105 pozosta\\u0107 na no\\u015bniku i zosta\\u0107 odzyskane specjalistycznymi narz\\u0119dziami.<\\\/p>\"\n            }\n        },\n        {\n            \"@type\": \"Question\",\n            \"name\": \"Czy samo formatowanie dysku wystarczy przed oddaniem sprz\\u0119tu do recyklingu?\",\n            \"acceptedAnswer\": {\n                \"@type\": \"Answer\",\n                \"text\": \"<p>Nie. Tylko <strong>trwa\\u0142a sanitizacja danych<\\\/strong> \\u2013 np. nadpisanie zgodne z normami (jak NIST 800-88) lub fizyczne zniszczenie no\\u015bnika \\u2013 zapewnia, \\u017ce dane nie mog\\u0105 zosta\\u0107 odzyskane. Formatowanie pozostawia dane na no\\u015bniku w formie, kt\\u00f3ra mo\\u017ce by\\u0107 odtworzona przez zaawansowane narz\\u0119dzia.<\\\/p>\"\n            }\n        },\n        {\n            \"@type\": \"Question\",\n            \"name\": \"Jakie dokumenty powinienem dosta\\u0107 od wykonawcy po usuni\\u0119ciu danych?\",\n            \"acceptedAnswer\": {\n                \"@type\": \"Answer\",\n                \"text\": \"<p>Profesjonalny wykonawca powinien dostarczy\\u0107 Ci:<\\\/p><ul><li><p><strong>certyfikat lub protok\\u00f3\\u0142 usuni\\u0119cia danych<\\\/strong>,<\\\/p><\\\/li><li><p>potwierdzenie rodzaju zastosowanej metody (np. nadpisanie lub niszczenie),<\\\/p><\\\/li><li><p><strong>numer seryjny no\\u015bnika lub inny identyfikator<\\\/strong>,<\\\/p><\\\/li><li><p>dokumentacj\\u0119 zgodn\\u0105 z audytami i ewentualnymi kontrolami RODO.<\\\/p><\\\/li><\\\/ul><p>To daje Ci dow\\u00f3d, \\u017ce proces by\\u0142 wykonany prawid\\u0142owo i zgodnie z dobrymi praktykami.<\\\/p>\"\n            }\n        },\n        {\n            \"@type\": \"Question\",\n            \"name\": \"Czy musz\\u0119 rejestrowa\\u0107 firm\\u0119 w BDO, je\\u015bli utylizuj\\u0119 sprz\\u0119t IT?\",\n            \"acceptedAnswer\": {\n                \"@type\": \"Answer\",\n                \"text\": \"<p>Je\\u015bli Twoja firma <strong>generuje odpady inne ni\\u017c komunalne<\\\/strong> (czyli np. elektroodpady z komputer\\u00f3w, telefon\\u00f3w, drukarek), to zazwyczaj <strong>musisz si\\u0119 zarejestrowa\\u0107 w BDO \\u2013 Bazie Danych o Produktach, Opakowaniach i Gospodarce Odpadami<\\\/strong> i ewidencjonowa\\u0107 przekazanie sprz\\u0119tu do utylizacji lub recyklingu.<\\\/p>\"\n            }\n        },\n        {\n            \"@type\": \"Question\",\n            \"name\": \"Jak dzia\\u0142a system BDO i dlaczego jest to wa\\u017cne?\",\n            \"acceptedAnswer\": {\n                \"@type\": \"Answer\",\n                \"text\": \"<p>BDO to centralny <strong>system ewidencji odpad\\u00f3w w Polsce<\\\/strong>, kt\\u00f3ry pozwala nadzorowa\\u0107, jak przedsi\\u0119biorcy <strong>gospodaruj\\u0105 odpadami<\\\/strong> \\u2013 od ich powstania a\\u017c po przekazanie do recyklingu czy unieszkodliwienia. Je\\u015bli nie rejestrujesz si\\u0119 w BDO lub nie prowadzisz wymaganej dokumentacji, mo\\u017cesz narazi\\u0107 si\\u0119 na <strong>wysokie kary finansowe<\\\/strong>, a dzia\\u0142alno\\u015b\\u0107 zwi\\u0105zan\\u0105 z odbiorem i utylizacj\\u0105 odpad\\u00f3w mo\\u017ce by\\u0107 uznana za nielegaln\\u0105.<\\\/p>\"\n            }\n        },\n        {\n            \"@type\": \"Question\",\n            \"name\": \"Jakie us\\u0142ugi mo\\u017cemy zaoferowa\\u0107 w zakresie bezpiecznego usuwania danych i utylizacji sprz\\u0119tu IT?\",\n            \"acceptedAnswer\": {\n                \"@type\": \"Answer\",\n                \"text\": \"<p>Oferujemy kompleksowe wsparcie dla firm \\u2013 od <strong>inwentaryzacji sprz\\u0119tu<\\\/strong>, przez <strong>certyfikowane kasowanie danych zgodne z najlepszymi standardami<\\\/strong>, a\\u017c po <strong>bezpieczny odbi\\u00f3r, utylizacj\\u0119 i dokumentacj\\u0119 BDO<\\\/strong>. Zapewniamy pe\\u0142ne potwierdzenia wykonanych dzia\\u0142a\\u0144, kt\\u00f3re mo\\u017cesz wykorzysta\\u0107 w audytach, kontroli RODO lub raportowaniu \\u015brodowiskowym.<\\\/p>\"\n            }\n        }\n    ]\n}<\/script>\n                                <\/div>\n    <\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-803695f elementor-widget elementor-widget-text-editor\" data-id=\"803695f\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p data-start=\"17\" data-end=\"483\">Securely erasing data before IT equipment disposal isn&#039;t a &quot;technical detail,&quot; but a component of real risk management within a company. Formatting or restoring factory settings alone doesn&#039;t guarantee that information won&#039;t be recovered. Only the conscious application of standards such as NIST 800-88 and ISO\/IEC 21964, combined with proper documentation and compliance with GDPR and BDO, creates a process that is defensible both technically and audit-wise.<\/p><p data-start=\"485\" data-end=\"549\">Well-planned IT disposal is a combination of three pillars:<\/p><ul data-start=\"550\" data-end=\"691\"><li data-start=\"550\" data-end=\"590\"><p data-start=\"552\" data-end=\"590\">\u2022 the right method <a href=\"https:\/\/en.wikipedia.org\/wiki\/Data_sanitization\" target=\"_blank\" rel=\"noopener\">data sanitization<\/a>,<\/p><\/li><li data-start=\"591\" data-end=\"631\"><p data-start=\"593\" data-end=\"631\">\u2022 chain of responsibility control,<\/p><\/li><li data-start=\"632\" data-end=\"691\"><p data-start=\"634\" data-end=\"691\">\u2022 complete documentation confirming the performance of the service.<\/p><\/li><\/ul><p data-start=\"693\" data-end=\"942\">It&#039;s not just a matter <a href=\"https:\/\/prosteit.pl\/en\/it-security-is-not-just-about-systems\/\">safety<\/a> information, but also company reputation, management accountability, and regulatory compliance. The equipment may be &quot;old,&quot; but the data stored on it still holds value\u2014to you or to someone trying to recover it.<\/p><p data-start=\"944\" data-end=\"1149\" data-is-last-node=\"\" data-is-only-node=\"\">If this topic concerns your company and you&#039;d like to streamline your IT disposal process in a secure, compliant, and well-documented manner, please get in touch. We&#039;d be happy to help you through it step by step.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>In a world where data is one of the most valuable corporate assets, improperly deleting it can cost more than the hardware itself, which has just stopped working. A simple &quot;formatting&quot; or factory reset is often an illusion of security \u2013 remnants of information remain, waiting for someone to recover them. Even after disposing of old laptops or servers, you may unknowingly hand over [\u2026]<\/p>","protected":false},"author":4,"featured_media":12007,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[455],"tags":[421,1090,1089,1091],"class_list":["post-11992","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpieczenstwo","tag-bezpieczenstwo-it","tag-iso-21964","tag-nist-800-88","tag-usuwanie-danych"],"_links":{"self":[{"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/posts\/11992","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/comments?post=11992"}],"version-history":[{"count":8,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/posts\/11992\/revisions"}],"predecessor-version":[{"id":12121,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/posts\/11992\/revisions\/12121"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/media\/12007"}],"wp:attachment":[{"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/media?parent=11992"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/categories?post=11992"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/tags?post=11992"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}