From the 25th May 2018 a new legal framework (the General data protection regulations) are to be enforced. Personally identifiable information (PII) has to be processed, stored, and destroyed with confidential and secure procedures. a breach will result in fines that can be 4% and above of your annual turnover.
Data which is not disposed of competently can be 'reopened' and exploited, that is why PCS offer our own data destruction service. This includes data erasure of the device configuration overlay, Host Protected area and remapped sectors, in addition to the complete physical destruction of the device. These methods remove any data remanence that could be recovered and stop any risk of it entering back into the public domain.