Is WTN App an official DEFRA product?

No. DEFRA is building the backend API for digital waste tracking. They expect private companies to build the tools that carriers actually use. WTN App prepares records for DEFRA readiness; live submission is not enabled in this release.

EWC stands for European Waste Catalogue (also called List of Waste or LoW codes). Every type of waste has a 6-digit code — like 17 09 04 for mixed construction and demolition waste. You need the right code on every waste transfer note.

Does it work without internet?

Yes. The app works fully offline. Each step of the chain is saved on your phone and syncs to your account when you're back in signal. Built for skips on rural sites with no reception.

Do all three parties need WTN App?

No. The producer or carrier creates the chain in WTN App and the next party gets an email with a public link the moment the previous step is signed. If your receiver isn't on the app yet, sign-and-share lets the carrier hand off alone — the receiver imports the chain from that link later and confirms receipt. Everyone gets the same DEFRA-ready record either way.

When does the DEFRA mandate start?

Waste receiving sites must use digital waste tracking from October 2026. Carriers follow from October 2027. But if you're transferring to a site that's already digital, you'll need to be ready by October 2026.

Can I use this for hazardous waste?

Yes. Hazardous EWC codes flag automatically. If a load mixes hazardous and non-hazardous lines, the chain auto-splits them into an HWCN and a WTN — both signed by all three parties, both stored under the same chain. Dangerous-goods fields are captured inline.

How long do I need to keep waste transfer notes?

By law, waste transfer notes must be kept for a minimum of 2 years (3 years for hazardous waste consignment notes). WTN App stores everything digitally so you never lose a note.

What if I'm not very good with technology?

WTN App is designed for people on building sites, not office workers. Each party only sees their own step of the chain — producer prep, carrier pickup, delivery handoff, or consignee receipt — and the next person gets an email when it's their turn. If you can use WhatsApp, you can use this. New drivers usually get the hang of it within one job. If anyone gets stuck, we help by email or phone, and the app has short in-line tips so nobody needs a training manual.

Can I try it before I pay?

Yes. You get 20 notes free when you sign up — no card required.

What happens to my old paper notes?

Keep them for the required retention period (2 years, 3 for hazardous). The digital mandate applies to new transfers going forward. Your existing paper records don't need to be digitised.

How is my data stored and is it GDPR compliant?

Customer and driver data is encrypted at rest and in transit, held on UK-hosted infrastructure, and access is per-user rather than shared logins. Notes are flagged for destruction when they pass the statutory retention window. You still need to register as a data controller with the ICO and run your own privacy notice — that part nobody can do for you — but the handling of WTN data itself is designed to keep you on the right side of UK GDPR.

Will it integrate with my existing fleet or accounting software?

Not yet. Today WTN App is a stand-alone tool: you create notes in the app and your existing fleet or accounting system stays separate. We hear the integration request a lot (Xero, Quickbooks, existing fleet management platforms) and it is on the roadmap, but we would rather be honest about what ships today than promise something that does not exist.

GDPR for UK Waste Carriers: What You Actually Need to Do

Waste carriers don’t usually think of themselves as data processors. You collect waste. You fill in a note. You move on. Data protection sounds like something for tech companies.

It isn’t. Every waste transfer note you fill in has personal data on it. UK GDPR applies. The Information Commissioner’s Office can fine you under it. Most small carriers have never had this explained in plain English. This is that.

What’s personal data on a WTN

A waste transfer note typically includes:

The customer’s full name and address
A contact phone number or email
The driver’s name and signature
The carrier’s registered business details
Sometimes the registration plate of the vehicle

Names, addresses, and signatures are personal data under UK GDPR. That means you’re processing personal data every time you create a waste transfer note for a domestic customer, a sole trader, or anyone whose name appears on the note.

You’re a data controller for that information. Your drivers and admin staff are processing it on your behalf.

The rules boil down to a few things that you can usually satisfy with common sense and a bit of admin hygiene:

A lawful basis for processing. For waste transfer notes, the lawful basis is legal obligation (you have to keep these records under Section 34 of the Environmental Protection Act) and legitimate interest (you need customer details to run the job).
Only collect what you need. A WTN needs a name, address, and signature. It does not need a date of birth or a National Insurance number. Don’t collect extras.
Keep it secure. Personal data in a filing cabinet needs to be in a locked cabinet. Personal data in software needs encryption at rest and in transit. Personal data in a van needs to not be lying on the dashboard.
Keep it no longer than necessary. The retention period for a waste transfer note is 2 years (3 for hazardous). After that, you should either securely destroy the note or, if you keep it longer, have a clear reason why.
Tell customers what you do with their data. A short privacy notice at the point of collection or on your website is enough. It should say who you are, what you collect, why, who you share it with, and how long you keep it.
Be ready to respond if a customer asks. Customers can ask to see what you hold, ask you to correct it, or (in some cases) ask you to delete it. You’re expected to respond within a month.

Where waste carriers tend to get caught out

A few patterns show up repeatedly in ICO complaints and enforcement actions against small businesses.

Carbon copy books left in vans. A carbon copy book contains hundreds of customer names and addresses. If the van gets broken into and the book is taken, that’s a data breach. The ICO asks you to report personal data breaches within 72 hours if they are likely to cause harm to individuals.

Photos of WTNs sent over personal WhatsApp. Common shortcut: driver takes a photo of the note, sends it to the office WhatsApp. The image sits in personal devices, cloud backups, and the WhatsApp server. It contains personal data. That’s a processing arrangement that needs to be on a legitimate legal footing, and it usually isn’t.

Customer details copied into spreadsheets without retention. Office manager types customer details into an Excel sheet to make quoting easier. That sheet sits on a laptop for years, long past the 2-year WTN retention period. No deletion schedule, no review.

No idea who has access. Ten people have the shared email login. Nobody knows which contractor set up the website. The Google Drive folder is shared with a driver who left two years ago. This is the mess most small businesses live in, and it’s the one the ICO asks about if there’s ever a complaint.

A minimum plausible setup

If you run a small waste carrier business and you’ve never looked at GDPR before, here’s the shortest version of getting into reasonable shape:

Write a one-page privacy notice. Stick it on your website. Something like: “We collect the following information to do your job and comply with waste regulations. We keep it for 2 years. We don’t sell it. Contact us at [email] with questions.”
Register with the ICO as a data controller. Almost all small businesses that process customer data need to register. It costs £40-60 a year. It takes 15 minutes.
Pick a WTN system that encrypts customer data and enforces retention. Paper in a van does neither.
Stop using personal WhatsApp to send WTNs. Move the workflow into a tool that keeps the data inside the tool.
Write down, somewhere, who has access to what. Even a single-page list is better than nothing.

None of this is hard. All of it sits quietly until somebody complains, at which point you need to show that you’ve thought about it.

What WTN App does on the data side

Customer data is encrypted at rest and in transit. Access is per-user, not shared logins. Notes are marked for destruction when they pass the retention window. Data is held on UK-hosted infrastructure.

You still need to register with the ICO and run your own privacy notice. We can’t do those for you. But the data-handling side of the waste transfer note itself is something you stop having to worry about.

This post is general guidance, not legal advice. If you’re handling sensitive personal data or you’ve had a breach, talk to a data protection lawyer or the ICO directly.

Start free. 20 notes included, no card required.

GDPR for UK Waste Carriers: What You Actually Need to Do

What’s personal data on a WTN

What UK GDPR actually asks of you

Where waste carriers tend to get caught out

What digital changes about GDPR

A minimum plausible setup

What WTN App does on the data side