Home / Industry

Using IP Geolocation Data to Support Regulatory Compliance

Complying with strict data privacy regulations like the General Data Protection Regulation (GDPR) is a must do. Violators can get penalized as much as €10 million or 2% of their annual turnover. This reality makes it critical for organizations, therefore, to employ strict employee, customer, and stakeholder data management policies.

Among different specifications, the GDPR and similar policies mandate that companies only collect personal data with owners' prior consent. The information must also be stored following very strict rules to ensure it will not be shared with third parties and used only in the ways the organizations stated in their end-user agreements.

The next question is: How might you know if a given employee, customer, or stakeholder is covered by specific data protection regulations?

To Apply or Not to Apply a Data Privacy Regulation?

Given these, companies need to at least know what countries or even the state their employees, customers, and stakeholders are from so they can follow the regulations that apply to them. And while having everyone they employ and do business with fill up forms to gather this information is easy enough, knowing what each customer's citizenship is isn't as easy to determine. Not all buyers reveal their contact details on the sites they buy goods from. That happens most when they opt to sign in as guests.

And if hundreds or thousands of your customers do that, manually contacting them through whatever contact details they left, if they did at all, may not be feasible. That's where IP geolocation may come in handy. Even if none of your customers identify their countries (a good indicator of their citizenship), traces of their visits to your site (via their IP addresses) can be obtained from your network logs. You can then use an IP geolocation database to identify each address's location.

How Can IP Geolocation Help with Regulatory Compliance?

Let's take a look at how this works with an example. Say that you have this network log from your e-commerce site:

An IP geolocation database would give you this location information:

Note that for U.S. locations, taking note of the state is also advisable as some states may have their own data privacy regulations. An example would be California, which imposes the California Consumer Privacy Act (CCPA).

From the IP geolocation data you obtained, you know that you need to ensure compliance to CCPA for the owner of the IP address 214[.]1[.]211[.]251 and the GDPR to that of 178[.]202[.]110[.]92 who's from Germany.

Take note of the customers whose IP geolocation data is unidentifiable (see line 5 in the spreadsheet). You may wish to contact them to know where they're from, especially if they're frequent buyers.

Without the help of an IP geolocation database, you may have had to track down each customer via phone or email. And that would only be possible if they left contact information. You wouldn't have also been able to determine that your U.S. customer may be covered by CCPA if he or she didn't indicate his or her state.

In our very simple example, instead of trying to pin down eight customers one by one, which could cost you a lot if you need to call them long distance, you only need to call or email one.

Of course, there is also a good chance that you can rely on shipping addresses for physical products and billing information in general. In this case, IP geolocation can serve as an additional "proof" of a customer's location to further enrich compliance efforts. Any difference between the IP on record and specified customers' addresses can also help flag fraudulent transactions, or transactions initiated from buyers in restricted countries.


IP geolocation data isn't only useful for regulatory compliance although that in itself is critical to any company that does business in several countries and keeps the data of international customers. The location information an IP geolocation database provides can also help with cybersecurity, marketing, advertising, and many other business processes.

By Ipify, A Simple Public IP Address Data Provider – Ipify is a public IP data provider that works flawlessly with both IPv4 and IPv6 addresses. We offer three main products: A general IP API that allows making millions of requests per minute using a variety of programming languages, a more specific IP Geolocation API with all relevant location data points, as well as an IP Geolocation Database that contains 8+ million IP blocks and locations for close to 5 million records. Visit Page

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPXO

Brand Protection

Sponsored byAppdetex

Threat Intelligence

Sponsored byWhoisXML API

Domain Management

Sponsored byMarkMonitor

Domain Names

Sponsored byVerisign