That cupboard of dead laptops, the stack of retired PCs in the corner, the old server humming pointlessly in the comms room - getting rid of old IT feels like a job you can put off forever. You cannot, for two reasons that bite hard: those devices hold data that can come back to haunt you, and the law in the UK is specific about how electronics must be disposed of. Done properly, IT disposal protects you on both fronts and can even recover a little value. Here is how to do it right.
The two risks hiding in that cupboard
Old kit carries two distinct dangers, and a safe disposal process has to address both. Ignore either and you are exposed long after the device leaves the building.
- •Data risk: laptops, PCs, servers, phones, even printers and copiers store data on internal drives. Hit the bin, donate or sell a device without properly erasing it, and that data - customer records, financials, logins - can be recovered by whoever ends up with it.
- •Legal and environmental risk: electronics contain materials that must not go to landfill. UK rules (the WEEE regulations) govern how electrical equipment is disposed of and recycled, and businesses have obligations consumers do not.
- •Reputational risk sits behind both: a recovered drive or a fly-tipped server traced back to you is a data breach and a compliance failure rolled into one.
Step 1: find and account for everything
You cannot securely dispose of what you have lost track of, and forgotten devices are exactly the ones that leak. Before anything is thrown out, build a simple record of what is leaving.
List every device being retired and note where its data lives - not just the obvious PCs and laptops, but servers, old phones and tablets, network kit, and the storage tucked inside printers and multifunction copiers, which people routinely forget. This inventory is the backbone of doing disposal properly: it is what lets you prove, later, that each device was accounted for and handled. It pairs naturally with the records you should already keep from setting up your network in the first place.
Step 2: destroy the data, not just the files
This is the step that protects you, and the one most often done wrong. Dragging files to the recycle bin, or even a quick format, does not remove the data - it just hides it, and it remains recoverable. Real data destruction means one of two things, with proof.
Either the drive is securely wiped using a proper data-erasure process that overwrites it to a recognised standard, or - for drives that are faulty, too old, or simply too sensitive - it is physically destroyed (shredded or degaussed) so nothing can ever be read from it. Either way, insist on a certificate of erasure or destruction for each device. That paperwork is your evidence under UK data protection rules that the data was properly dealt with, and it is exactly what an auditor, an insurer or the regulator will ask for.
Step 3: dispose under WEEE - usually via a partner
With data destroyed, the physical devices must be disposed of in line with the WEEE regulations rather than skipped or binned. For all but the smallest firms, the sensible route is a licensed IT asset disposal partner who handles the whole thing compliantly.
A reputable partner collects the equipment, provides the data-destruction certificates, recycles or refurbishes the devices responsibly, and gives you a waste transfer note proving the electronics were handled correctly. Crucially, check they are properly licensed to carry waste - your legal duty of care does not end when the kit leaves your door; if a cowboy fly-tips it, that can still come back to you. The right partner makes WEEE compliance a non-event, which is the point of using one.
Step 4: recover value where it exists
Disposal does not have to be pure cost. Plenty of retired business IT still has life and worth, and a good process captures that instead of writing it off entirely.
Devices that are only a few years old can often be securely wiped and resold or refurbished, offsetting some of your disposal cost or your next refresh. This is the flip side of the second-hand market we explain in our hardware guides - one business's retired laptop is another's bargain. The non-negotiable condition is that data destruction comes first, always, with certificates, before any device is passed on. Get that order right and resale is found money; get it wrong and it is a breach.
Make disposal part of the lifecycle, not a panic
The cupboard of dead kit exists because disposal is treated as an afterthought. The fix is to fold it into how you manage IT from the start, so equipment leaves cleanly at the end of its life instead of piling up.
Build the habit: keep an asset register so you always know what you own and where, retire kit on a planned cycle rather than when it dies in a heap, and run every retirement through the same secure path - inventory, destroy data with certificates, dispose under WEEE via a licensed partner, recover value where possible. Treated this way, getting rid of old IT becomes a routine, low-stress part of running the business, and the planning naturally connects to buying decisions like a sensible laptop refresh or new server hardware. If you would rather hand the whole end-of-life process to someone, that is exactly the kind of lifecycle work our team takes on.