According to IAPP, AEPD, the Spanish data protection authority, fined mobile network operator Xfera M¨®viles 60,000 euros for violations of the EU's General Data Protection Regulation (GDPR). The plaintiffs alleged changes were made to their account without consent, a violation of Article 6(1) of the GDPR, based on unlawfully processed data, including bank details, customer address, and names.