Re: you're trying to DESTROY data, with no margin for error.
Actually you're not. You're trying to ensure that you are following the best practise procedures with sufficient paper trail for audit purposes so that, when the inevitable fuckup happens, you can show the powers that be that your organisation (and, specifically, you) are Not At Fault.
Once we get that certificate from the expensive secure disk destructo-bods saying this disk has been (lies. They mean it will be) subject to secure disk destructo then secure disk destructo-bods can take the contents and spray it all over WikiLeaks if they wish and we're safe from the ICO.
Information Governance is about reducing the potential for leaks and ensuring that, when some data inevitably slips through the cracks, your arse is covered.
It should be said that, it seems, NHS Surrey did neither, heard the word "Free" and then probably moaned at the bloke who set up the original, approved solution, for wasting money.
Now, to us geeks that's distasteful politics and we know the only good retired disk is one that's been verifiably smashed into powder, preferably by us with our own disk smashing equipment whilst drinking whisky and exclaiming to the obsolete hardware that you knew you'd win in the end.
In reality a note from another company promising to do it for you is the best we're likely to be offered by the beancounters.