Activities, .csv export and GDPR

driver6661

Hello,
In this discussion I'd like to point some ideas and talk about GDPR aspects.
As we know, some parts of the regulation are a big headache since it is very hard to comply.
And now I'd like to talk about one of them.
Joomlart GDPR extension has Activities section which displays users whose personal data were removed.
It is useful for the site administrator, but... It violates GDPR regulation since the site still have personal data after the removal:
- Name
- Email
- IP

Well... There are some ways to go. What I can suggest as an idea:

Add special option in back-end interface to save minimal user's information. If this option enabled, the component will store userID, Username (need to verify is it part of personal data or not), task, status, date and notes. But no Name, Email and IP will be saved in DB table. So, storing this personal data will be at site administrator's choice.
Add export button. The data can be exported in .CSV format.
All activities are purged after X days.

This is a raw idea, but it is better to discuss it. What do you think?

driver6661

On other hand, we should see all pending items to make sure who is requested the removal.
But if the request is approved and the user is erased, maybe it would be good to anonymize their personal data.

Have a look at the screenshot as an example of this idea.