[beberlei]

that is not true being that extreme.

as per GDPR 6(1) grounds for processing can be (b) performance of contract, (c) compliance with legal obligations (d) vital interests of data subject - which can all cover logging ip addresses and user agents for network security reasons (for a short amount of time) to protect the user, which log files are often used for. (IANAL)

[jiveturkey]

yup. lots and LOTS of misunderstanding about GDPR out there. there are plenty of “escapes” for stuff like this. you just have to be mindful, and do things deliberately, which is a good thing. bigger companies will want formal review processes as CYA.