For a side project of mine, I collect the IP address of users, log it to my server where the country of the user is identified(using ipinfo.io in the backend) and is saved in the database. Since I'm not storing the IP address as such, am I GDPR compliant? Do I need to add a consent banner?<p>I just store the country name.
<i>using ipinfo.io in the backend</i><p>I am not a lawyer and this is not legal advice. Are you sending the client IP to a third party API? There are existing questions and answers about this [1] but ultimately as others said one should at least consult a lawyer. It's not even 15 minutes of their time. Consider using lookup tools that download the database [2] to your server to avoid sending the client IP anywhere even if it turns out to be in a gray area to do so. Even if not for a legal reason, technically this removes a real time dependency on a 3rd party website.<p>[1] - <a href="https://law.stackexchange.com/questions/57557/does-information-related-to-client-ip-address-is-been-allowed-as-per-gdpr-polici" rel="nofollow">https://law.stackexchange.com/questions/57557/does-informati...</a><p>[2] - <a href="https://ipinfo.io/products/free-ip-database" rel="nofollow">https://ipinfo.io/products/free-ip-database</a>
If you use Cloudflare workers, they just give you IP addresses and associated info (city/region/country) as metadata. No need to query a third-party service. Not sure if this is GDPR compliant though.