Spanish data protection authority fines mobile operator for GDPR violations

According to IAPP, AEPD, the Spanish data protection authority, fined mobile network operator Xfera Móviles 60,000 euros for violations of the EU’s General Data Protection Regulation (GDPR). The plaintiffs alleged changes were made to their account without consent, a violation of Article 6(1) of the GDPR, based on unlawfully processed data, including bank details, customer address, and names.