[segmondy]

I don't, but I've never kept personal information. As someone with a background in the security and finance industry. I don't want that burden. If you don't have it, you don't have to deal with it. So if you have a side project, why would you collect personal info?

[dangrossman]

Many side projects involve people signing up for something, like an account or an email list. A username is personal info. An email address is personal info. An IP address is personal info. Your side project can't be much more than static webpages without analytics to avoid collecting "personal data" as defined by this regulation.

[claudiulodro]

It's my understanding that an IP address is not personal info and that nobody can, say, make a GDPR request for information associated with an IP address. An IP address is not personally identifiable information.

[dangrossman]

Under GDPR's definition and recitals, IP addresses are most definitely personal data.

[Angostura]

Only if linkable to other personal information. If your logs are collecting IP data that cannot be linked by you to a person you're fine.

[claudiulodro]

It seems that you're correct and it does indeed include IP addresses. Good catch.

[jdsnape]

It’s a little more subtle than that AIUI - they’re only personal if you have a way of linking them to a user. E.g. if someone logs in with an email and you record that with the IP, or if you’re an ISP. I don’t think the IP is personal if you are just hosting a static site say.