Hacker News
by GordonS 2976 days ago
The only reason we log IP addresses is for security purposes (e.g. to block IPs that hammer the service, for forensic investigations, fraud prevention) - in GDPR terms, that is a "legitimate interest".

Regarding backups, realistically you are not going to have to delete data from them, as it's completely impractical to delete only data for a particular user from archive. If a user requests their data to be deleted, delete it from the live site and be open with them that some data will remain in archive - securely encrypted and untouched - for your defined retention period.

Regarding analytics, we use Google Analytics, which uses IP addresses to guess location, but doesn't make them available in the admin site - so GA doesn't actually give us any PII. As such, we simply reworded the privacy policy to be more easily readable, so it's completely clear what data we collect and why. The forthcoming Privacy and Electronic Communications Regulation (aka ePrivacy Regulation) should provide some clarity if anything else is required, but it seems likely that simply having cookies enabled in your browser will count as consent.