CNIL issues €1.7m penalty for GDPR failures
Security flaws exposed sensitive disability-related information in France.
France’s data protection authority has fined a software company €1.7m over security failures. The decision followed investigations into repeated personal data breaches.
CNIL found that NEXPUBLICA FRANCE failed to protect sensitive user information. Its PCRM software is used in social services for disabled people.
Investigators said weaknesses stemmed from poor security practices and ignored audit warnings. Flaws were only fixed after users accessed confidential third-party documents.
The French regulator cited GDPR Article 32 and the sensitivity of disability data. No compliance order was issued after corrective measures were implemented.
