惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LINUX DO - 最新话题
C
Cyber Attacks, Cyber Crime and Cyber Security
G
GRAHAM CLULEY
T
Tenable Blog
T
Threatpost
C
CXSECURITY Database RSS Feed - CXSecurity.com
I
Intezer
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
D
Darknet – Hacking Tools, Hacker News & Cyber Security
K
Kaspersky official blog
Security Latest
Security Latest
P
Privacy & Cybersecurity Law Blog
Google Online Security Blog
Google Online Security Blog
SecWiki News
SecWiki News
P
Palo Alto Networks Blog
TaoSecurity Blog
TaoSecurity Blog
Webroot Blog
Webroot Blog
Spread Privacy
Spread Privacy
O
OpenAI News
The Last Watchdog
The Last Watchdog
P
Proofpoint News Feed
C
Check Point Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
人人都是产品经理
人人都是产品经理
S
Security @ Cisco Blogs
Scott Helme
Scott Helme
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
月光博客
月光博客
S
Securelist
酷 壳 – CoolShell
酷 壳 – CoolShell
V
V2EX
T
Troy Hunt's Blog
W
WeLiveSecurity
GbyAI
GbyAI
N
News | PayPal Newsroom
Y
Y Combinator Blog
C
Cisco Blogs
H
Help Net Security
The GitHub Blog
The GitHub Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 【当耐特】
Jina AI
Jina AI
MongoDB | Blog
MongoDB | Blog
P
Proofpoint News Feed
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
云风的 BLOG
云风的 BLOG
小众软件
小众软件
N
News and Events Feed by Topic

Compliance Solutions for Websites, Apps and Organizations | iubenda

AI can build your website. It can't manage your consent. | iubenda Browser signals and machine-readable consent: what they are and what the EU’s Digital Omnibus could change California Consumer Privacy Act (CCPA): Complete Guide How to increase your cookie banner opt-in rates: 5 mistakes to fix today | iubenda DPO Newsletter: Global Data Protection & Privacy News (issue #153) Why your consent management setup is a marketing performance question Everything you need to know about GDPR The redesigned cookie banner and configurator What nobody tells you about handing over the company you built European marketers are betting on retention. Privacy could be the edge they’re not using yet. The 5 best alternatives to Didomi in 2026: Pros, cons, pricing, and comparison Looking back on 15 years: what iubenda's founder would tell his 2011 self | iubenda The best cookie policy generator in 2026 DPO Newsletter: Global Data Protection & Privacy News (issue #152) | iubenda What publishers should expect from the EU’s Digital Omnibus proposal Uncertainty is the biggest blocker to AI adoption in marketing | iubenda Everything AI app builders need to know about vibecoding and privacy compliance | iubenda Introducing 1-Click Embedding for Google Tag Manager The Essential Small Business Terms and Conditions Template: What You Need to Know Terms of Use Template | iubenda IAB Europe Raises Concerns Over GDPR Procedural Regulation Draft Report | iubenda Learn from HelloFresh's Costly Mistake: Ensure Compliance with iubenda | iubenda Understanding the Spanish DPA Guide on Audience Measurement Cookies | iubenda The Austrian Data Protection Authority's FAQs on Cookies and Privacy | iubenda DPO Newsletter: Global Data Protection & Privacy News (issue #127) | iubenda Microsoft Ensuring European Data Stays Within the EU Cloud Boundary | iubenda Businesses Beware: ICO’s Record £14.3m in Fines for Data Misuse in 2023 Understanding the Risks and Responsibilities of Model-as-a-Service Companies in AI Development Facebook's New “Link History” Feature: A Blend of Convenience and Surveillance? | iubenda OpenAI’s Strategic Move in the EU: Aligning with Data Privacy Regulations TikTok Faces Lawsuit Over Tracking Non-Users What’s the Digital Markets Act (DMA) and how will it affect you? | iubenda Simplifying Cookie Consent: The European Commission's Approach | iubenda Google Settles Landmark Privacy Lawsuit for $5 Billion | iubenda Navigate GDPR Compliance with Confidence: Lessons from Recent Fines in Italy Simplifying the Commission's New Reporting Template for Digital Market Gatekeepers | iubenda Understanding the GDPR Complaint Against X (Twitter) for Illegal MicroTargeting | iubenda Spanish Media Giants Take On Meta in a Groundbreaking $600 Million Lawsuit | iubenda DPO Newsletter: Data Protection & Privacy News (issue #126) | iubenda Belgian DPA Mandates Cookie Banner Changes for Major Media Websites | iubenda UK's Top Websites Warned by ICO to Revise Cookie Practices | iubenda Understanding the European Union's Data Act | iubenda Google Announces Consent Mode v2 – here’s what it means for your business and advertising Noyb Challenges EU Commission Over Controversial Ad Campaign | iubenda OECD Updates AI Definition: A Step Forward in Shaping EU’s AI Law Firefox To Introduce Simplified Global Privacy Control Berlin Court Cracks Down on LinkedIn’s Privacy Violations The YouTube Ad Blocker Controversy: A Test of the ePrivacy Directive? | iubenda DPO Newsletter: Data Protection & Privacy News (issue #125) Facebook and Instagram Subscription: Meta adds a paywall | iubenda GDPR Violation: Lack of Transparency in Data Processing via Google Fonts Amazon Introduces AWS European Sovereign Cloud to Address EU Regulations | iubenda Texas New Data Privacy Law TDPSA: Everything you need to know How to Make Money with a Website Without Selling Anything Oregon Consumer Privacy Act: Overview | iubenda Google’s Move to Disable Third-Party Cookies: What Advertisers Need to Know IMY Fines H&M for GDPR Violations: A Closer Look EU Commission Requests Information from X Under Digital Services Act: What You Need to Know | iubenda Understanding California’s “Delete Act” and Data Broker Regulations TCF v 2.2 Initial Layer (Banner) Requirements | iubenda Grindr Faces €5.8 Million Fine: A Reminder on the Importance of GDPR Compliance | iubenda Newly Enacted Iowa Consumer Data Protection Act (ICDPA) | iubenda The Witch’s Brew of Privacy: A Halloween Tale of Compliance and Consequences IAB TCF 2.2 – What you need to do DPO Newsletter: Data Protection & Privacy News (issue #124) Blog Ideas That Make Money: How To Make Money From Your Blog + Examples | iubenda Maximize your Growth with Online Presence Management | iubenda Meta's New Pivot in Europe: To Pay or Not to Pay for an Ad-Free Experience? | iubenda Consumer Reports Launches Free ‘Permission Slip’ App to Protect Your Data | iubenda DAZN’s Access Request Saga Personal Brand Logo: How to Stand Out in a Crowded Marketplace UK-US Data Bridge: A New Era for Secure Data Transfers 7 Ways How to Promote Affiliate Links Effectively (And Boost Commissions) | iubenda Mastering LinkedIn Personal Branding: A Guide to More Opportunities Meta's New Approach: Pay for Your Privacy? | iubenda No Return, No Refund Policy Template & Guide GDPR in the US: a GDPR Checklist for US Companies Crafting a Niche with Branding and Identity Design | iubenda The Online Safety Bill: A Leap Towards a Safer Digital United Kingdom Understanding Google's $93m Settlement over Consumer Location Data Accusations | iubenda CCPA vs CPRA: Key Differences You Need to Know | iubenda How To Use Ecommerce Retargeting to Grow Your Business | iubenda PECR: Everything you need to know | iubenda How Mobile Apps Illegally Share Your Personal Data: A Deep Dive | iubenda Legal Spotlight: Privacy Concerns Surrounding OpenAI’s ChatGPT and Microsoft’s Involvement Legal Scrutiny Looms Over Transatlantic Data Deal: French MEP Takes Action Understanding the Digital Markets Act: A Comprehensive Guide Block AI Crawlers: Here’s How To Stop Your Site From Being Used for AI Training (OpenAI and Google Bard Irish Regulator Slaps $368M Fine on TikTok DPO Newsletter: Data Protection & Privacy News (issue #123) | iubenda The Privacy Pitfalls of Vehicle Data Collection: What You Need to Know | iubenda Twitter customer’s data on the menu for xAI models Update: Revised Swiss Privacy Law Takes Effect Fitbit and the GDPR Hurdle: What You Need to Know About Your Data Privacy | iubenda Terms of Service Template for your site | iubenda Senators Urge FTC to Investigate YouTube and Google for Violating Children's Privacy: What You Need to Google AdSense Requirements: Here's What You Need to Know | iubenda Users can’t opt out from marketing emails: FTC fines Experian $650,000 | iubenda DPO Newsletter: Data Protection & Privacy News (issue #122) | iubenda 7 Ways Business Process Automation Can Increase Your Profits
The Biggest GDPR Fines to Date [2024] | iubenda
Carla Gonzalez Cidoncha · 2023-01-28 · via Compliance Solutions for Websites, Apps and Organizations | iubenda

GDPR fines: you’ve surely heard about companies that have been fined millions because they weren’t GDPR-compliant. In fact, these sanctions can pose serious consequences for businesses of all sizes.

It’s not only about the monetary value of the sanction, but also about the reputational damage that comes with it.

In this post, we’ll go over the biggest GDPR fines issued so far, to help you understand which are the criteria that European Data Protection Authorities take into consideration when evaluating GDPR breaches.

gdpr fines

Here’s everything you need to know about the biggest GDPR penalties ever issued and what it means for businesses. Let’s dive in!

Short on time? Jump to… ⬇️

  • What are the penalty fines for GDPR?
  • How are GDPR fines determined?
  • What is considered a GDPR violation?
  • What constitutes a GDPR data breach?
  • What is a Tier 1 fine for GDPR?
  • What happens if you accidentally breach GDPR?
  • What is the minimum fine for GDPR?
  • Top 25 GDPR fines by amount
  • Which European countries have issued the highest number of fines?
  • Can small businesses be fined for GDPR non-compliance?

The penalty fines for non-compliance to GDPR can go up to 20 million euros, or 4% of the annual worldwide turnover (whichever is greater). Not always monetary, they can also be official reprimands (for first-time violations), a temporary or definitive ban on processing, periodic data protection audits and liability damages.

In fact, users have the right to file a complaint with a supervisory authority if they feel that the processing of their data wasn’t GDPR-compliant, and ask for compensation for any damages.

It is up to the Data Protection Authorities to decide whether to impose a monetary fine instead of, or in addition to, the other non-monetary possibilities mentioned before. If there is only a likely infringement, a warning is usually issued.

How are GDPR fines determined?

GDPR fines are collectively determined based on a range of factors such as nature, severity, duration and intent behind the violation. It considers how many data subjects were affected, the level of damage they experienced, and what types of personal data were compromised.

Regarding the violating entity’s side, key considerations are financial gains or losses from the infringement, whether actions were taken to mitigate the damage done, the level of cooperation with authorities and how the violation was reported (i.e. by the entity themselves or not). Past infringements, technical/organizational measures, adherence to codes of conduct or certifications will be evaluated as well.

This is all outlined in Article 83 of the GDPR official text.

What is considered a GDPR violation?

Violations of the GDPR can take various forms, depending on which provisions of the regulation are not adhered to. They can also be intricate depending on specific scenarios and types of data processing activities. The following can be considered a GDPR violation:

  • Using personal data for purposes other than those for which they were originally collected, collecting more data or keeping it longer than is necessary;
  • Processing personal data without proper, informed, and unambiguous consent from the data subject;
  • Not providing clear and accessible privacy notices or not informing data subjects about how their data will be used;
  • Failure to report GDPR data breaches in a compliant way;
  • Not honoring the rights of data subjects, such as the right to access, or right to erasure of their data;
  • Transferring personal data outside the EU to countries or organizations without adequate data protection measures in place or without proper mechanisms;
  • Not implementing appropriate technical and organizational measures to ensure a level of security appropriate to the risk;
  • and more.

What constitutes a GDPR data breach?

A GDPR data breach typically occurs when one or more activities involving individuals’ personal data and performed by your company are unauthorized or unlawful, in violation of data protection regulations like the GDPR.

The concept extends beyond a simple unauthorized or unlawful access or security incident. It also includes improper handling, storage, or processing of data that compromises the confidentiality, integrity, or availability.

The GDPR data breach can be intentional or accidental and may involve various types of personal data such as names, email addresses, financial information, medical records, or any other data that can identify an individual.

A Tier 1 fine for GDPR is part of the lower Tier and typically refers to less severe violations than Tier 2 ones. For a Tier 1 fine, companies can be fined up to 10 million euros or 2% of their annual global turnover, whichever is higher. For a Tier 2 fine, numbers go up respectively to 20 million and 4%.

Tiers are essentially two categories of penalties determined by the GDPR. Tier 1 fines are related to general obligations of data controllers and processors, certification or monitoring bodies. Tier 2 fines, however, include more severe violations of basic principles of processing or consent, individuals’ rights, data transfers to third-countries, etc.

If you accidentally breach GDPR, several factors come into play to determine the outcome. Not all GDPR violations result in fines; the response depends on factors such as the nature, gravity, and duration of the infringement, as well as the intentional or negligent character of the infringement.

  • Investigation: Initially, the relevant Data Protection Authority (DPA) would likely investigate the GDPR data breach. You’re expected to cooperate fully with this investigation.
  • Intent and Negligence: The DPA considers whether the breach was intentional or a result of negligence. Accidental breaches may be viewed more leniently than intentional violations.
  • Mitigation Efforts: The DPA also considers any efforts you made to mitigate the damage suffered by data subjects.
  • Previous Violations: Your history of compliance with GDPR is also relevant. A clean record might result in a lighter response.
  • Notification: Under GDPR, you are required to report a GDPR data breach to the relevant supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to result in a significant risk. Failure to notify can result in penalties on its own.

Following the investigation, the DPA may issue warnings, reprimands, order the entity to take specific actions to comply with the law, or impose a fine.

The GDPR does not specify a “minimum fine” as such; instead, it outlines two tiers of fines based on the severity of the GDPR data breach. For less severe breaches, companies can be fined up to €10 million or 2% of the firm’s global annual turnover of the previous financial year, whichever is higher. For more severe breaches, the fines can be up to €20 million or 4% of the firm’s global annual turnover of the previous financial year, whichever is higher.

The DPAs are encouraged to take a balanced approach, considering the specifics of each case. Fines are considered a last resort and are meant to be “effective, proportionate and dissuasive.”

🔍 Click for a simple example of an infringement explained on the European Commission website.

Not sure how to get started with GDPR Compliance?

Use our site scanner for a FREE website compliance audit

Scan your website now

Let’s go over the largest GDPR fines issued so far.

top 10 gdpr fines
Image credit: GDPR Enforcement Tracker

1. Meta Platforms Ireland Limited, €1.2 billion

Our winner by far on this list is a 1.2 billion million euros fine for Meta/Facebook, issued in May 2023 following an inquiry into its Facebook service, by the Irish Data Protection Authority (IE DPA). The largest GDPR fine to date was imposed as a result of Meta’s transfers of personal data to the U.S. on the basis of SCCs. Dispute resolution was ordered by the EDPB.

2. Amazon Europe, €746 million

The second biggest GDPR penalty was issued by the Luxembourg DPA on July 16th, 2021. The DPA fined Amazon Europe 746 million euros, after a series of 10,000 complaints filed by the French group La Quadrature du Net.

The Authority found that Amazon was showing targeted advertising without the users’ proper consent.

3. Meta Platforms, Inc., €405 million

On September 5th, 2022, Ireland’s Data Protection Commission issued a 405 million euros fine to Meta Platforms, Inc.

The DPC investigated the processing of children’s personal data and found that the company was publicly disclosing email addresses and/or phone numbers of children using the Instagram business account feature.

4. Meta Platforms Ireland Limited, €390 million

Yet another Meta GDPR penalty. On January 4th, 2023, Ireland’s Data Protection Commission (DPC) issued a 390 million euros fine against Meta Ireland Limited.

After NOYB filed three different complaints, the DPC concluded that the processing on the basis of a contract for personalized ads is not GDPR-compliant. Meta was relying on a consent clause in their Terms of Service to show its users personalized ads.

5. TikTok Limited, €345 million

The famous social media platform TikTok received its first fine ever amounting to 345 million euros in September 2023 (issued by the Irish DPC) for failing to protect children’s privacy – the accounts belonging to teens were public by default during the sign-up process, allowing anyone to view and comment on their videos.

6. Meta Platforms Ireland Limited, €265 million

On November 25th, 2022, Ireland’s DPC fined Meta 265 million euros.

The DPA launched an investigation in April 2021, after media reports discovered that Facebook’s dataset had been made available on the internet. This data breach affected the personal information of 533 million users. 

Meta was fined because it wasn’t complying with the principles of Privacy by Design and Privacy by Default stated in the GDPR.

Do you even really need to comply with the GDPR?

7. WhatsApp Ireland Ltd., €225 million

On September 2nd, 2021, Ireland’s Data Protection Commission issued a 225 million euros fine against WhatsApp Ireland, in conclusion to an investigation that had started in 2018.

WhatsApp wasn’t complying with the GDPR principle of transparency, not giving users enough information about its processing activities and the legal basis it was using.

UPDATE

On January 19th, 2023, the DPC issued a further €5.5 million fine.

👉 Learn more here

8. Google LLC., €90 million

On December 31, 2021, the CNIL issued a 90 million euros fine to GOOGLE LLC, because it wasn’t complying with the French Data Protection Act.

In particular, the CNIL found that YouTube users couldn’t reject cookies as easily as they could accept them. Besides the fine, Google LLC was given three months to change the look and functioning of its cookie banner.

youtube cookie banner
YouTube cookie banner after the CNIL sanction

9. Facebook Ireland Ltd., €60 million

On the same day, December 31, 2021, the CNIL also fined Facebook Ireland 60 million euros.

The reason was the same: Facebook users couldn’t reject cookies as easily as they could accept them.

10. Google Ireland Ltd., €60 million

A smaller fine of 60 million euros was issued by the CNIL to Google Ireland Ltd. 

The reason was always the same as above, but it referred to the website google.fr.

11. Google LLC, €50 million

On January 19th, 2019, CNIL fined Google LLC 50 million euros after a series of complaints by NOYB and La Quadrature du Net.

The main reason for this fine was a lack of transparency, unsatisfying information and lack of valid consent. Users didn’t have enough information about the processing of their personal data.

This was one of the first big fines issued under GDPR.

12. Criteo, €40 million

In June 2015, the French DPA (CNIL) fined Criteo, specialized in retargeting advertising, for various deficiencies in data processing such as being able to demonstrate user consent proofs to using trackers from both Criteo and its partners. Criteo also did not entirely fulfill data subject requests to withdraw or delete their data.

13. H&M Hennes & Mauritz, €35.2 million

On October 1st, 2020, the Hamburg Commissioner for Data Protection and Freedom of Information issued a 35.2 million euros fine to H&M.

Since at least 2014, parts of the employees were subject to an extensive recording of details about their private lives. These details – such as vacation experiences, but also symptoms of illness and diagnoses – were then recorded, stored, and used to make decisions about their employment.

The DPA became aware of this violation only because, due to a technical error, the data was accessible to everyone in the company for a few hours.

14. Amazon France Logistique, €32 million

The French DPA fined Amazon France Logistique in January 2024 for unlawful surveillance of employees through a scanner to document certain tasks in order to provide information on the productivity of each employee. This statistical data was deemed disproportionately and extensively stored.

15. TIM, €27.8 million

The Italian DPA, the Garante, fined TIM (a telecommunications operator) in January 2020. For a few years, the DPA received hundreds of notifications regarding the receipt of unsolicited commercial communications of users that did not give their consent or were registered in the public register of objections.

Among other things, the fine was imposed for:

  • lack of consent for marketing activities (telemarketing and cold calling) and addressing people who asked not to be contacted with marketing offers;
  • invalid consents collected in TIM apps;
  • lack of appropriate security measures to protect personal data (including incorrect exchange of blacklists with call centers); and
  • lack of clear data retention periods.

16. British Airways, €22.046 million

This fine was issued in October 2020 by the UK’s DPA, the ICO, and was related to a cyber incident notified in September 2018 regarding the British airline company. A variety of information was compromised by poor security arrangements at the company, including log in, payment card, and travel booking details as well name and address.

17. Marriott International, Inc., €22.450 million

Similar to the previous one, the ICO fined hospitality company Marriott following a cyber incident notified in November 2018. A variety of personal data contained in approximately 339 million guest records globally were exposed by the incident. This is due to a failure to undertake sufficient due diligence during an acquisition and systems were not secure.

18. Clearview AI Inc., €20 million

Clearview AI was actually fined the same amount by the French, Greek and Italian DPAs. This company holds a database of more than 20 billion facial images.

It was found that the personal data contained in the company’s database had been processed unlawfully and without a valid legal basis. In addition, the DPA found that Clearview AI restricted and did not properly handle the exercise of data subjects’ rights, as well as failed to adequately inform users about the processing of their data. It also violated several GDPR principles such as purpose limitation and storage limitation.

19. Meta Platforms Ireland Limited, €17 million

In May 2022, the Irish DPA imposed a GDPR penalty of 17 million euros on Meta, based on 12 notifications of data breaches that occurred back in 2018.

Meta failed to demonstrate that it had taken appropriate technical and organizational measures to protect the data of EU users, especially in terms of cross-border data processing.

20. Wind Tre S.p.A., €16.7 million

Among other things, the Garante fined the Italian telecommunications company Wind Tre (July 2020) for several unlawful data processing activities relating to unsolicited direct marketing through SMS, e-mail and calls. People also weren’t able to exercise their right to withdraw because of an incomplete policy.

21. TikTok, €14.5 million

The UK’s ICO fined TikTok 14.5 million euros in April 2023. It found out that more than one million British children under the age of 13 were using TikTok without the consent of their parents. TikTok was also criticized for failing to identify and remove underage children from its platform.

👉Read our blog post if you want to know more about this fine. Click here

22. Vodafone Italia S.p.A., €12,25 million

Another telecommunications company on the list of Italian DPA’s greatest GDPR fines, issued in November 2020. Here again, telemarketing activities were unlawful, including hundreds of complaints about unsolicited telephone calls and the use of fake numbers to make promotional calls.

23. notebooksbilliger.de, €10.4 million

notebooksbilliger.de is an electronics retailer and has been fined 10.4 million euros by the DPA of Lower Saxony. The company had video-monitored its employees for at least two years without having a legal basis for doing so. So far, the fine against notebooksbilliger.de is the highest fine that the LfD Niedersachen has issued under the GDPR.

24. Uber, €10 million

The Dutch DPA in the Netherlands fined both Uber Technologies Inc. and Uber B.V. in December 2023 for failing to provide sufficient information about the storage period of European drivers’ data. The DPA also found that Uber made it unnecessarily difficult for drivers to request access to their data and did not respond in a comprehensible manner.

25. Axpo Italia Spa, €10 million

The Italian DPA has imposed a GDPR penalty of 10 million euros on electricity and gas supplier Axpo Italia Spa. The DPA had received numerous complaints from data subjects who complained that, without their knowledge, electricity and gas contracts had been activated in their own names. Their personal data in the contract was incorrect or outdated. Axpo had been acquiring new contracts through a network of vendors.

Which European countries have issued the highest number of GDPR fines?

The countries that issue the biggest fines are not necessarily the countries that issue the highest number of fines. Let’s take a look.

gdpr data breach
Image credit: GDPR Enforcement Tracker

While these sanctions are huge, there are also smaller fines that are issued every day. European DPAs are very active in monitoring GDPR compliance.

Here is the top 10 EU countries with the highest number of GDPR fines issued so far:

  1. Spain
  2. Italy
  3. Romania
  4. Germany
  5. Hungary
  6. Poland
  7. Greece
  8. Norway
  9. France
  10. Belgium

Can small businesses be fined for GDPR non-compliance?

Yes, it can happen. Of course, your small business won’t probably receive a fine as huge as the ones above, but even a smaller amount can really impact your processes. 

Also, don’t forget that a monetary sanction isn’t the only consequence of non-compliance: official reprimandsperiodic data protection audits and liability damages can be as scary as a fine. Not to mention the reputational damage a GDPR sanction can cause.

But don’t worry! GDPR compliance doesn’t have to be difficult.

About us

iubenda