CNIL issues €1.7m penalty for GDPR failures
Publish Time: 30 Dec, 2025

France's data protection authority has fined a software company €1.7m over security failures. The decision followed investigations into repeated personal data breaches.
CNIL found that NEXPUBLICA FRANCE failed to protect sensitive user information. Its PCRM software is used in social services for disabled people.
Investigators said weaknesses stemmed from poor security practices and ignored audit warnings. Flaws were only fixed after users accessed confidential third-party documents.
The French regulator cited GDPR Article 32 and the sensitivity of disability data. No compliance order was issued after corrective measures were implemented.
