In this edition of The Standards Behind Certus, we take a closer look at GDPR compliance and how data erasure laws worldwide are evolving. What started as a European regulation has become the foundation for global data protection, especially when it comes to GDPR data erasure and secure data disposal.

The way businesses think about storage is changing. With an ongoing SSD shortage and rising prices, simply buying new drives is no longer the solution. Organizations are under pressure to do more with what they already have. But reusing storage isn’t just a technical decision; it’s a security challenge. That’s where secure data erasure becomes more important.

Most organizations don’t think about their data erasure process until something happens. An audit, security incident, or compliance check can quickly show the difference between what you expect and what you can actually prove. Let’s look at some common myths about data erasure and how they can lead to mistakes.

Many people think of data erasure as just another technical step when retiring IT equipment. Devices are taken out of service, processed, and the data is removed. However, this is actually when the real business risk starts. When devices leave your organization, the data on them can still be valuable and risky if not properly erased.

Outsourcing data erasure is a smart, efficient way to meet your data security needs. If your team is short on time, managing many devices, or looking for expert support, letting professionals handle the process can make things much easier for your organization. However, choosing to outsource your data erasure means you need a partner you can truly rely on. Not all providers offer the same level of security or expertise.

We’re excited to announce that Certus has earned two new ADISA recertifications, further demonstrating the strength of our data erasure technology. These certifications confirm that our solutions have successfully passed independent testing designed to verify that data is permanently removed from devices.

In this edition of The Standards Behind Certus, we’re taking a closer look at HIPAA, one of the most recognized data protection regulations in healthcare. We’ll explain what HIPAA is, why secure data disposal matters, and how Certus can help your organization stay compliant when managing healthcare data.

IT asset disposal is no longer only an IT task. In audits, the question is no longer whether devices were wiped, but whether you can prove it. Regulators everywhere are raising the bar for data protection and accountability. Whether you are dealing with GDPR, U.S. privacy laws, or industry-specific rules, your organization is expected to keep control of sensitive data, even after devices are retired or recycled. Your responsibility continues, even after the equipment leaves your building.

Recent reports have shown that the European Commission faced a cyber incident involving mobile devices. While details are still emerging, this highlights an important reality: smartphones and tablets are now essential access points in any IT environment. As these devices handle more sensitive data, it's crucial to manage them with the same care as any other endpoint.

Many organizations still see data erasure as just an IT task, handled when devices are retired. However, this view is quickly becoming risky and outdated. Today, data erasure is a board-level risk with real legal, financial, and reputational impact. If data is not properly erased, responsibility extends beyond IT and can reach your executive team and board members.

Mergers, acquisitions, divestitures, and corporate exits require complex strategic planning, including deal pricing, legal structures, and financial forecasting. However, data risk management, especially data erasure, is often overlooked. During corporate transitions, improper handling of data can create significant compliance risks, security exposure, and long-term liabilities that directly impact the success of the transaction.

Secure data erasure is not just about deleting data; it also involves how, where, and under what conditions that data is erased. For organizations managing sensitive IT assets in various environments, it's crucial to understand the difference between data erasure with or without internet. This knowledge is essential for maintaining security compliance and ensuring operational efficiency.

Data erasure no longer ends when a device is wiped. For organizations operating in highly regulated environments, proof has become just as important as the erasure itself. Regulators, auditors, customers, and partners increasingly require clear evidence that data has been permanently erased in line with recognized standards.

The EU Cyber Resilience Act alters how organizations handle digital product security throughout their lifecycle. Though effective from December 2024, its impact peaks in 2026, especially for those involved in IT asset reuse and decommissioning. At that stage, expectations will shift from policy preparation to demonstrable risk reduction, highlighting the importance of effective data erasure.

Secure data erasure is essential, but understanding the actual condition of a device is just as critical. That’s why we’re proud to introduce Diagnostics as a new feature within our software for both computers and mobile devices. With our Diagnostics feature, organizations can assess, document, and report on the functional condition of devices before reuse, resale, or recycling, all within the same trusted Certus environment.

At Certus, we believe data erasure is a fundamental enabler of circular IT. Without absolute certainty that sensitive data is permanently removed, large-scale reuse of IT equipment simply isn’t possible. That’s why we’re proud to partner with Circular Computing. Together, we share a clear mission: enabling secure, compliant, and responsible IT reuse at scale, while reducing e-waste and the environmental impact of technology.

At Certus, we strive to simplify secure data erasure while providing the technical assurance you need. This week, we reached a significant milestone: Certus Erasure 4.0.0 has passed ADISA Product Assurance testing at Assurance Level 5, including NVMe erasure tests per IEEE 2883 and NIST 800-88 guidelines. This certification confirms the reliability of our methods and the trust our customers have in us.

In this edition of The Standards Behind Certus, we take a closer look at one of the most important regulations shaping how organizations manage personal data: the General Data Protection Regulation (GDPR). This blog explains what the GDPR is, how Certus supports GDPR-aligned data erasure, and what this means for your organization.

Q4 is always a unique moment in the business calendar. Budgets are being finalised, compliance checks are intensifying, and IT teams are pushing to close the year with a clean slate. Yet one critical area still gets postponed far too often: data erasure. If your organisation handles laptops, servers, mobile devices, or storage systems, Q4 isn’t a time to delay; it’s the time to act. Here’s why data erasure deserves a place on your end-of-year priority list:

At Certus, we see an alarming trend: while companies invest millions in cybersecurity, the most vulnerable link is often overlooked, the data on equipment leaving their premises. The hard drives and servers exiting your data center are a prime target for cybercriminals. In 2025, supply chain attacks are specifically targeting end-of-life IT assets. Here's how certified data erasure provides your ultimate defense.

In our latest video interview, CEO Ruud de Wildt sits down with Marketing Manager Debie Strijker to introduce Certus Software and share what drives the company forward.

IT environments are becoming more complex by the day, automation and integration are no longer a luxury, they’re a necessity. Organizations need solutions that fit effortlessly into their existing infrastructure, not tools that require them to rebuild their processes from scratch. That’s why one of the most powerful trends shaping the data erasure industry today is the move toward API-driven, automated workflows. 

Earlier this month, Google announced a shift from traditional disk erasure to encryption-based media sanitization, a process that destroys encryption keys to make data inaccessible. While this marks progress in data protection, it also highlights an important distinction: “Encryption hides data. Certified data erasure removes it, permanently.”

International standards are the foundation of secure and verifiable data erasure. In our series The Standards Behind Certus, we explore the frameworks that shape the way organizations protect sensitive information. This time, we focus on the IEEE standards and their role in data sanitization.