[bpfrh]

I would be very carefull with saying your are gdpr compliant without having talked to laywer.

Your are basically replacing a unique identifying attribute(ip address) with a unique attribute and a maybe unique attribute, to generate a unique attribute.

The problem is not the ip address, the problem with analytics is that your want to count unique visitors but are not allowed to track any properties of the visitor that are unique and hence a protected property of the visitor per the gdpr.

[3abiton]

It's definitely not gdpr compliant, because the identifier is still unique. Any data collected per session identifier for user interaction with the website are bound to user consent and not covered under gdpr legitimate interest.

[mijoharas]

Also, specifically an IP address is considered personal information under the GDPR as far as I understand it, which the person says they're storing (for 24 hours)