Request Callback

Ever wondered what a certificate of destruction (COD) stands for? A COD is proof of destruction in line with the Data Protection Act 1998. It forms part of the audit for your paper trail – an official document to state that important and confidential data was removed from your offices and destroyed in the correct fashion. For compliance, you need to keep hold of your certificate of destruction as a legal record.

What a COD should look like:

On your COD, you should expect the following information:

  • The company who carried out the destruction (the “data processor”)
  • The shredding declaration
  • The description and amount of the items shredded
  • The date the shredding took place
  • You or your organisation’s name and the date

The Data Protection Act 1998 declares,

“Where processing of personal data is carried out by a data processor on behalf of a data controller, the data controller must in order to comply with the seventh principle: (a) choose a data processor providing sufficient guarantees in respect of the technical and organisational security measures governing the processing to be carried out, and (b) take reasonable steps to ensure compliance with those measures.”

The legal requirement

Some organisations need to be supplied with CODs by law. Places like the NHS and the BBC require these certificates to be issued as a legal requirement, but a reliable data processor should present a COD to each and every client as a matter of process.


If you’ve never received a COD from your current shredding company, it could mean that your supplier isn’t complying with the strict rules that govern data destruction. As a result, you could be putting yourself at risk of data breaches.

At Box-it North West, we are very aware of our responsibilities and the importance of destroying data securely. Every job we carry out comes with a COD that gives our customers peace of mind that all documents handed over to us for destruction have been shredded properly.


Posted on: June 16th, 2017