Hey guys,
I'm implementing an iOS app for a client, which incorporates a map feature. Normally, I would just use MapKit, but the client is very sensitive towards GDPR and AFAIK the GDPR states that IP addresses should be considered personal data as it enters the scope of 'online identifiers'.
Now, MapKit certainly makes calls to Apple servers to request the map tiles.
In order to be in line with GDPR my non-laywer gut tells me that my client would need to sign a data processing agreement with Apple. Is that correct? Or is interaction in System framework components considered to be contracted between the user of the app and Apple themselves and therefore covered by Apple's privacy agreement?
I'd be happy for any clarifications.
Cheers