[ryanwaggoner]

It’s not. GDPR is so overly broad that it’s almost impossible to be in full compliance. Not only does it count IP addresses as personal information, but it covers all EU residents, apparently no matter where they are in the world, even if you have no way of knowing they’re EU residents.

I really doubt most small-medium businesses without ties to the EU are going to pay any attention. Just like VAT actually.

[jmickey]

Mind you an IP address is personal data only if it identifies an individual. Same goes with any other information.

[ryanwaggoner]

That’s not what I’ve seen from my admittedly cursory research, but I don’t see how that matters anyway: how would you know if the IP address could personally identify an individual, so it seems like you would have to assume that it could?