The General Data Protection Regulation (GDPR) requires Personally Identifiable Information (PII) to be protected or not be processed or stored at all. An IP-Address counts as PII and therefore requires special treatment.
By default a Ruby on Rails application logs the IP-Address to a log file. One of the cleanest ways to protect visitors is to not log the actual IP-Address but an anonymized one.
Rails::Rack:Logger class inherits from
ActiveSupport::LogSubscriber and implements a custom method to produce logs without full IP-Addresses.