in this forum I found a statement saying a question type plugin just needs to implement the null provider (https://moodle.org/mod/forum/discuss.php?d=365857#p1492743).
I have written a question type plugin that gets its specific feedback from a back-end server. The feedback is then stotred in the Moodle core table mdl_question_attempt_step_data as raw feedback data. In my opinion this is also user related data to be covered by GDPR, isn't it?
Unfortunaltely the specific feedback is not part of the data exported by a GDPR request and there is no question type plugin interface to add extra data. Do you have an idea how to handle this?