My take on the disposition requirement is that the implementing organization makes a decision on what to do with the records. A valid disposition therefore, is extending the retention period for whatever reason the management deems it to be. Plus all the other things the members previously mentioned - selling, scrapping, reusing, etc.
From another perspective, there is what we call information security classification in ISO 27001 which looks at how you handle information up until its disposal. If an organization is subscribing to ISO 27001, the proper handling procedures must be accorded to each classification or level of information (in this case, records) for destruction, should the disposition be to dispose.