France: CNIL investigation into Nexpublica over alleged failure to provide sufficient security measures for PCRM software
Progress
Current status
in force
22 Dec 2025 in force
20 Mar 2023 under deliberation
Scope
Implementers
France
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
other service provider
software provider: other software
Government Branch
executive
Government Body
data protection authority
Implementation Level
national
Timeline of events
CNIL fined Nexpublica EUR 1'700'000 for failing to secure PCRM software
On 22 December 2025, the French data protection authority (CNIL) fined Nexpublica France EUR 1'700'000 for failing to implement sufficient security measures for its PCRM software. Nexpublica specialises in software and computer design. The PCRM soft…
SourceEvent type
investigation
Action type
ruling
Government branch
executive
Government body
data protection authority
CNIL opened investigation into Nexpublica for alleged failure to provide sufficient security measures for PCRM software
On 20 March 2023, the French data protection authority (CNIL) opened an investigation into the company Nexpublica after receiving data breach notifications, authorising CNIL to carry out on-site monitoring to verify compliance with data protection r…
SourceEvent type
investigation
Action type
announcement
Government branch
executive
Government body
data protection authority