@groowonn, I've checked several articles on cms-gdpr-readiness and nowhere it asked to have some sort of activity log. Export-import data about users - yes, they say it is a must. Overall, things vary greatly among websites which need to collect, store and process users' data. So, could you please point me to the requirement of logging activities?
@KK, since CouchCMS gives all the control, including the database, to its users, I see there is little that needs to be taken care of.. Maybe a single point of interest might be only emails of registered users. Basically, there should be a consent from users regarding storing their email in backend in plain view, available for admins to see and, possibly, abuse.