France: CNIL opened investigation into Nexpublica for alleged failure to provide sufficient security measures for PCRM software

CNIL opened investigation into Nexpublica for alleged failure to provide sufficient security measures for PCRM software

On 20 March 2023, the French data protection authority (CNIL) opened an investigation into the company Nexpublica after receiving data breach notifications, authorising CNIL to carry out on-site monitoring to verify compliance with data protection r…

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

other service provider, software provider: other software

Implementation Level

national

Government Branch

executive

Government Body

data protection authority

Complete timeline of this policy change

Hide details

2023-03-20

under deliberation

On 20 March 2023, the French data protection authority (CNIL) opened an investigation into the comp…

2025-12-22

in force

On 22 December 2025, the French data protection authority (CNIL) fined Nexpublica France EUR 1'700'…

Description

CNIL opened investigation into Nexpublica for alleged failure to provide sufficient security measures for PCRM software

Scope

Complete timeline of this policy change