DDoS protection without IP?

Is there any way to do DDoS protection without logging IP addresses? Any way to stop attacks without noting down IP addresses? This is because of data protection regulations.


You've not said where in the world you are, but I'm assuming somewhere covered by GDPR (I think the new Californian laws are close enough for this level of detail).

While IP addresses can be considered to be PII (Personally Identifying Information), the law allows you to store them if you have a valid reason to do so. Recording the source of a DDoS attack is a valid reason, especially if you have a sensible data retention policy, e.g. you keep the records for, say, 1 month and use them to filter traffic, then after a month you delete them. If you are using a system like, say, fail2ban paired with logrotate, this can all be automated so you don't need to manually interact with the data at all unless there is a problem.

Ensuring that the data can only be accessed by those who have a valid need is also normally a required step to be compliant.

I recommend you find an actual legal expert (not some anonymous person on the internet) to talk through what options you have in your specific jurisdiction.


What do you want to protect?

If there is enough traffic generated during the DDoS, you need to route the destination IP to a blackhole route. The source IP could be spoofed, and sometimes the best solution is to announce via BGP that all packets with the destination IP of your attacked host should be dropped.
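The BGP announcement this answer describes is usually called a remotely triggered blackhole (RTBH). The following is an added example, not part of the answer above: a minimal BIRD 2 configuration that announces the attacked host's /32 to an upstream, tagged with the well-known BLACKHOLE community 65535:666 from RFC 7999, so the provider discards traffic for that address at its edge. All IP addresses and AS numbers are placeholders from the documentation ranges and are assumptions for illustration.

```conf
# Added example (not from the answer): RTBH announcement with BIRD 2.
# Addresses and ASNs are placeholders (RFC 5737 / RFC 5398 ranges).

log syslog all;
router id 192.0.2.2;

# Kernel protocol omitted on purpose: this box only signals the upstream,
# it does not need to install the blackhole route locally.
protocol device {
}

# The host under attack. Adding or removing a line here and running
# `birdc configure` starts or stops the blackhole. No source IPs are
# recorded or needed; the decision is made purely on the destination.
protocol static blackhole_routes {
    ipv4;
    route 203.0.113.10/32 blackhole;
}

# Session to the upstream. Nothing is imported, and only the static
# blackhole routes are exported, each tagged with BLACKHOLE (65535:666)
# so the provider drops all packets destined to that prefix.
protocol bgp upstream {
    local 192.0.2.2 as 64512;
    neighbor 192.0.2.1 as 64496;
    ipv4 {
        import none;
        export filter {
            if proto = "blackhole_routes" then {
                bgp_community.add((65535, 666));
                accept;
            }
            reject;
        };
    };
}
```

Two caveats a practitioner should check before relying on this. First, the upstream must actually honour the community (RFC 7999 or a provider-specific blackhole community) and will normally only accept /32 routes covered by your own allocation, so confirm the exact community and prefix-length policy with your provider beforehand. Second, the announcement completes the denial of service for 203.0.113.10 in exchange for keeping the rest of your link and your other hosts reachable, which is the trade-off the answer alludes to with "sometimes the best solution".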