In relation to GDPR most ways to store/gather information are fine. You just have to tell the user that you are doing it and ask them to confirm that is ok. And to be clear even if you don't store data you may still be a processor of a user's data so be careful. But it's important to seek proper GDPR professional advice so you know you're safe.
So their isnt a login system? If so the UK petition.parliament.uk peoples messed this up too. They wanted what you asked for but in the end settled with requiring users to provide an email address so that 1 vote = 1 user.
Various methods can be used. Doing this without IP address though makes it trickier. I would use IP address + device details along with geolocation (a derivative of IP) and then as Marco Alka says use browser finger-printing as well.
Regardless of the method used - you will have to tell the user what you are doing and what's going on.