Spain: AEPD fines XFERA MOVILES €60,000 for GDPR violation
The Spanish data protection authority ('AEPD') issued, on 3 February 2020, a resolution ('the Resolution') in proceeding No. PS/ 00227/2019 fining XFERA MOVILES, S.A. €60,000 for violation of Article 6(1) of the General Data Protection Regulation (Regulation (EU) (2016/679) ('GDPR'), following an individual complaint. In particular, the Resolution outlines that documentation shows that XFERA MOVILES violated Article 6(1) of the GDPR since it had unlawfully processed data, including bank details, customer address, and names, following a fraudulent misrepresentation of the complainant's wishes.
You can read the Resolution, only available in Spanish here.