cmcjacob Don't worry, I'm french and I know the GDPR, I teach it to companies.
In France we have the official government service "CNIL", an I'm registred since... more than 18 years.
Because my organization has its own servers, we have in the french law an obligation to get backup of all traffic on these servers during 3 years... IPs are personnal data for the GPRD, but we are also obliged to connect the users and the addresses used.
The goal is to be able to identify forbidden users through proxies or VPNs that do not depend of GDRP, such as Russia for example, and block them.
Personal data collected is declared to the CNIL officially.
Thank you for the warning.