Security theatre, and like security theatre at airports it masks the reality that in all probability nothing of substance is actually happening.
And of course we trust all of these people to get it right and for nothing to slip through the cracks. The threat is as much about what happened in the past as what happens now. What guarantees are there that some employee didn't make their own copy of the data and take it offsite? What about backups?
There's quite a complex set of processes behind the way HM Government systems are managed. They can't just throw backups away, they have to prove that they've been disposed of in-line with HMG policy.
As for guarantees, there are no more than there would be that someone at Google hasn't done that, but what HMG does have is a fairly strong vetting standard, that these people will be under.
The 'proof' is just a form being filled in, I doubt there is a government overseer who does a directory listing and then observes the destruction of that specific drive.
And none of this theatre can rectify historic breaches.
And of course we trust all of these people to get it right and for nothing to slip through the cracks. The threat is as much about what happened in the past as what happens now. What guarantees are there that some employee didn't make their own copy of the data and take it offsite? What about backups?