France
NEXPUBLICA FRANCE
1,700,000 €
GDPR enforcement action by French Data Protection Authority (CNIL) on 2025-12-22.
Rank · Sector
#23
of 597 in Industry and Commerce
Rank · France
#19
of 74
Rank · All fines
#131
of 3,050
Case details
- Authority
- French Data Protection Authority (CNIL)
- Date
- 2025-12-22
- Controller / Processor
- NEXPUBLICA FRANCE
- Sector
- Industry and Commerce
- Quoted Articles
- Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The French DPA has imposed a fine of EUR 1,700,000 on NEXPUBLICA FRANCE. The controller, who was a software developer, created and offered a software package designed to manage user relations in the social action sector. Insufficient technical and organisational measures resulted in a cyber incident affecting the software.
Open original source
Links to the regulator's original publication or another source.
Related fines
France
2025-09-01
200,000,000 €
ETid-2862
GOOGLE LLC
Media, Telecoms and Broadcasting
France
2025-09-01
150,000,000 €
ETid-2864
INFINITE STYLES SERVICES CO. LIMITED
Industry and Commerce
France
2025-09-01
125,000,000 €
ETid-2863
GOOGLE IRELAND LIMITED
Media, Telecoms and Broadcasting
France
2021-12-31
90,000,000 €
ETid-978
Google LLC
Media, Telecoms and Broadcasting
France
2021-12-31
60,000,000 €
ETid-979
Google Ireland Ltd.
Media, Telecoms and Broadcasting
France
2021-12-31
60,000,000 €
ETid-980
Facebook Ireland Ltd.
Media, Telecoms and Broadcasting