The WP Security Audit Log is fully in-line with the GDPR compliance requirements, so you can use the plugin on websites that have to be GDPR compliant. Here is all the information you need to know about the WordPress activity log plugin in relation to user privacy and GDPR compliance.
Can I keep a WordPress activity log and have a GDPR compliant website?
The GDPR stipulates that website administrators keep a log of everything that happens on their websites to make sure that only the authorized users access sensitive data. So by keeping a WordPress activity log (audit trail) you ensure that you check another check-box towards GDPR compliance.
What user information does the plugin logs?
The WP Security Audit Log plugin keeps an activity log of all the changes that logged in WordPress users do. The only information the plugin keeps about non-authenticated website visitors is their IP address when they request a non-existing page (HTTP 404 error) or fail to login to WordPress – such functionality can be easily disabled via a checkbox option.
Where does the plugin store the WordPress activity log?
The WP Security Audit Log plugin keeps the WordPress activity log in the WordPress database, as explained in the WP Security Audit Log & WordPress database usage documentation.
For how long is the activity log data kept in the WordPress database?
It is up to you to specify for how long the WordPress activity log data is kept by configuring the WordPress activity log retention in the plugin settings.
Can I notifiy the users that an activity log of all their changes is being kept?
Yes, you can configure the activity log plugin to show a notification in the WordPress login page. The message is disabled by default and can also be modified.