CNIL (France) - SAN-2025-015

}}}} The DPA imposed a 1 700 000 € fine under [[Article 32 GDPR|Article 32 GDPR]] to a processor who had incorrectly configured a software that processed files relating to persons with disabilities, leading to a massive data breach.The DPA imposed a €1,700,000 fine to a processor who had incorrectly configured a software that processed files relating to persons with disabilities, leading to a massive data breach. == English Summary ==== English Summary == === Facts ====== Facts === A software consulting company (the processor) provided an administration (the controller) with software for processing files relating to persons with disabilities. A software consulting company (the processor) provided an administration (the controller) with software for processing files relating to persons with disabilities. This software enabled users (data subjects) to upload their files and track their progress via an online portal. This software enabled users (data subjects) to upload their files and tr