When deleting a user from user interface (probably for web-service also) not all the personal data is deleted or scrambled. (example lastip, phone, address ...). This is not GDPR compliant.
Steps to reproduce:
1) create a user with personal data like phone, address, url
2) login as that user - lastip will be stored
3) delete the user
4) email and username are scrambled, but the other personal data is still there.
Affected versions : probably all. (I tested in 3.5, 3.4, 3.3)
Tracker issue created: https://tracker.moodle.org/browse/MDL-62830 and code added.