Short answer: No
The GDPR requires that companies obtain explicit and informed permission before collecting personal data from EU residents. This includes IP addresses and cookies. While it is already in effect, it doesn’t hit the enforcement stage until May 25, 2018. A study of 250 businesses conducted by the Data & Marketing Association finds that half of companies will still not be prepared to comply by next year’s deadline.
Among the adjustments that companies have to make are deleting or updating non-compliant databases of personal information and ceasing use of “clickwrap” forms (lengthy terms of service that people click through quickly), as well as pre-checked consent boxes. Any business that collects information from EU residents, even businesses based abroad, must comply with the GDPR terms. And, the repercussions will be hefty: €20 million or 4% of global turnover, whichever is higher.