NEXPUBLICA FRANCE – €1,700,000 Fine (France, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
NEXPUBLICA France was fined €1,700,000 for failing to secure its software, which led to a cyber incident. The company did not take sufficient technical and organizational measures to protect user data. This case serves as a warning for software developers to prioritize data security in their products.
What happened
NEXPUBLICA France's software for managing user relations suffered a cyber incident due to insufficient security measures.
Who was affected
Users of the software who were potentially affected by the cyber incident.
What the authority found
The French data protection authority found that NEXPUBLICA France did not meet the necessary security standards required by GDPR.
Why this matters
This case highlights the critical need for software developers to implement robust security measures. It underscores the responsibility of companies to protect user data from cyber threats.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The French DPA has imposed a fine of EUR 1,700,000 on NEXPUBLICA FRANCE. The controller, who was a software developer, created and offered a software package designed to manage user relations in the social action sector. Insufficient technical and organisational measures resulted in a cyber incident affecting the software.
Related Enforcement Actions (0)
No other enforcement actions found for NEXPUBLICA FRANCE in FR
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
22 December 2025
Authority
Commission Nationale de l'Informatique et des Libertés
Fine Amount
€1,700,000
Enforcement Tracker ID
ETid-2978
About this data
Cite as: Cookie Fines. NEXPUBLICA FRANCE - France (2025). Retrieved from cookiefines.eu
Last updated: