France: CNIL fined Nexpublica EUR 1'700'000 for failing to secure PCRM software

CNIL fined Nexpublica EUR 1'700'000 for failing to secure PCRM software

On 22 December 2025, the French data protection authority (CNIL) fined Nexpublica France EUR 1'700'000 for failing to implement sufficient security measures for its PCRM software. Nexpublica specialises in software and computer design. The PCRM soft…

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

other service provider, software provider: other software

Implementation Level

national

Government Branch

executive

Government Body

data protection authority

Complete timeline of this policy change

Hide details

2023-03-20

under deliberation

On 20 March 2023, the French data protection authority (CNIL) opened an investigation into the comp…

2025-12-22

in force

On 22 December 2025, the French data protection authority (CNIL) fined Nexpublica France EUR 1'700'…

Description

CNIL fined Nexpublica EUR 1'700'000 for failing to secure PCRM software

Scope

Complete timeline of this policy change