Recommendation on Data Erasure of IT Equipment

If IT equipment is discarded, returned to a leasing company or otherwise disposed of, it must be ensured that it has been treated by means of appropriate methods to exclude any kind of data recovery – also with help of modern methods of IT forensics. In order to ensure a secure data erasure, a complete documentation should be carried out at an enterprise. The documentation meets internal compliance criteria and at the same time serves as a proof of compliance with the legal data protection requirements.


The data erasure methods offered by standard operating systems regularly do not perform a secure data erasure on hard disks. Standard programs usually delete only the assignment references from the contents directories of data carriers. Therefore, the protected personal data must be destroyed using special methods.

In order to avoid infringements of data protection regulations, IT systems must undergo a secure data erasure. Often this also seems necessary so that to exclude the leakage of highly sensitive enterprise data.

The German Association for Data Protection recommends that all data carriers containing personal data or sensitive enterprise data are to be erased at least by means of a method which provides for a threefold overwriting. For highly sensitive or strictly confidential data, we recommend an erasure method, which performs a 7-fold overwriting.