Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Iubenda is an Italian, EU based consent and privacy management platform that combines a privacy and cookie policy generator, a Consent Management Platform (CMP) certified by the IAB TCF v2.2 and a Consent Database for proof of consent. It is one of the most widely deployed compliance solutions in southern Europe and a sovereign alternative to US based vendors.
Iubenda is an Italian compliance suite founded in 2011 in Bologna and acquired by Team.Blue (a European hosting group) in 2022. It is one of the most widely deployed privacy and consent solutions in Italy, France, Spain and Germany, with more than 100 000 customers worldwide. The platform combines three pillars: a Privacy and Cookie Policy generator, a Consent Management Platform certified IAB TCF v2.2, and a Consent Database used to demonstrate proof of consent under Article 7(1) GDPR. As a sovereign EU vendor, Iubenda is often preferred over OneTrust or TrustArc by southern European customers who want to avoid US based processors.
The Iubenda CMP sets first party cookies named _iub_cs and _iub_cs_id (12 months) which contain the consent record (categories accepted or rejected, timestamp, consent version, ID). When the IAB TCF integration is active, the standard euconsent-v2 string is also stored. The consent proof is sent to Iubenda servers (AWS EU regions) for storage in the Consent Database, ensuring compliance with the documentation requirement of Article 7(1) GDPR. No browsing behaviour, IP address or device fingerprint is collected by Iubenda itself.
Iubenda is designed around the privacy by design principle of Article 25 GDPR. The CMP blocks non essential scripts before the user clicks accept, offers granular category controls (necessary, functional, analytics, marketing) as required by the CNIL since 2020, and provides a reject button with the same visual weight as the accept button to comply with EDPB guidance. The IAB TCF v2.2 certification ensures interoperability with the European programmatic advertising ecosystem.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Iubenda processes data exclusively in the European Union, on AWS regions in Ireland (eu-west-1) and Frankfurt (eu-central-1). No transfer to the United States or other third countries takes place, which removes the need for SCCs and Schrems II analysis. This is one of the main reasons French and Spanish customers choose Iubenda over OneTrust, Cookiebot (Denmark, but EU based servers) or TrustArc. The data processing agreement is available in the Iubenda dashboard, and the company acts as a processor for the website operator.
Load the Iubenda CMP script in the head before any other tracking tag, enable Prior Consent Mode so non essential scripts are blocked before the user clicks accept, activate the Per Category consent controls, configure the Consent Database to retain proof for 12 to 24 months and pair the CMP with the Iubenda Privacy and Cookie Policy generator so the wording stays synchronised. For sites using Google services, enable Google Consent Mode v2 to forward consent signals to Google Tag Manager.
Websites using Iubenda must obtain user consent under GDPR regulations.
DPIA considerations
Iubenda is a low risk processor: it only stores the consent decision and the privacy policy text. A full DPIA is generally not required, but document the legal basis (Article 6(1)(f) and 7(1) GDPR), the EU only data flow and the 12 month retention of the consent record in your record of processing activities.
Sample consent text
This website uses Iubenda, an Italian consent management platform certified by the IAB TCF v2.2 framework. Iubenda processes your data exclusively in the European Union (AWS Ireland and Frankfurt) and stores your consent record for 12 months as proof under Article 7(1) GDPR.
Third-party domains contacted
cdn.iubenda.comconsent.iubenda.comcs.iubenda.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _iub_cs-* | first_party | 12 months | Stores the user consent record for the Iubenda CMP: categories accepted or rejected, timestamp, consent version. Required to apply the user choice on every page load. |
| _iub_cs_id | first_party | 12 months | Unique anonymous identifier of the consent record, used to retrieve and audit consent proof in the Iubenda Consent Database dashboard. |
| euconsent-v2 | first_party | 12 months | Standard IAB TCF v2.2 consent string, set when the TCF integration is active. Required for interoperability with the European programmatic advertising ecosystem. |
Iubenda is an essential service, but transparency matters. Manage all your consent with FlowConsent.
Iubenda sets first party cookies _iub_cs and _iub_cs_id (12 months) which contain the consent record (accepted or rejected categories, timestamp, version, ID). When the IAB TCF integration is active, the standard euconsent v2 string is also stored. No browsing behaviour or fingerprint is collected.
No. Iubenda cookies are strictly necessary under Article 5(3) ePrivacy Directive: they are required to record and prove the consent choice. The CMP loads before the user clicks accept, in line with CNIL, AEPD, Garante and TTDSG guidance.
Iubenda relies on the legitimate interest of the controller under Article 6(1)(f) GDPR combined with the legal obligation to demonstrate consent under Article 7(1) GDPR. The website operator is the controller, Iubenda the processor.
No. Iubenda processes data exclusively on AWS EU regions (Ireland and Frankfurt). There is no transfer to the United States or other third countries, which removes the need for SCCs and Schrems II analysis. This is the main reason Iubenda is preferred over US based CMPs.
No. Iubenda is a low risk processor that only stores the consent record and the policy text. A full DPIA is not required; document the legal basis, EU only data flow and 12 month retention of the consent record in the record of processing activities.
Load the Iubenda CMP script in the head before any other tracking tag, enable Prior Consent Mode, activate Per Category controls, configure the Consent Database to retain proof for 12 to 24 months, and pair it with the Iubenda policy generator. Enable Google Consent Mode v2 if you use Google services.
EU based alternatives include Axeptio (France), Cookiebot (Denmark), Usercentrics (Germany), CookieFirst (Netherlands), CookieYes (UE) and Didomi (France). Open source: Klaro, Orejime, Tarteaucitron and CookieConsent by Orest Bida.
Iubenda includes an automatic cookie scanner that detects new vendors and updates the cookie policy text monthly. Enable the email notification, review the categorisation before publishing, and reflect the change in the privacy notice whenever a new processor or purpose is added.