Every PDPC enforcement case, sorted by the obligation breached.

Adjudicated breach findings, by obligation

Where PDPC has found breaches — and where it never has

Counts below are breach findings in Commission’s Decisions (the register’s adjudicated outcomes). One decision can cite more than one obligation. Voluntary Undertakings are remediation accepted in lieu of a finding and are counted separately in the table further down.

The whole register, filterable

Browse every case by obligation

The point of all this

In the entire public record, the Access Obligation has never been breached

Filter the table above to the Access Obligation and you will find no breach finding — not one, across 2015–2026. Every case that touches the Access Obligation ended in the organisation’s favour or never reached a finding:

• The only adjudicated Access decision is a “No Breach” finding.

How this was built

Method & limitations

The register was compiled from PDPC’s public enforcement-decisions listing. For each case, the obligation is taken from PDPC’s own decision title, which names the obligation(s) at issue — the authoritative source. The full text of every decision was also scanned for any reference to a breach of the Access Obligation (section 21); that count is zero.

• Commission’s Decisions are categorised by the obligation named in the title.
• Voluntary Undertakings are remediation agreements in which PDPC makes no breach finding, so they are shown as “Not adjudicated” unless the document itself names an obligation; many arose from data-breach incidents.
• A small number of older cases have no machine-readable date and show “—” for the year.
• Nothing here is re-hosted: every row links to PDPC’s own page so you can verify it.

PDPC enforcement-decisions register