Data protection laws and regulations, such as the General Data Protection Regulation (GDPR) might require specific handling of user data, even after a user profile is removed from ActiveTransfer. This user data might be personally identifiable information (PII), such as user names, email addresses, or client IP addresses of employees or clients stored in ActiveTransfer and the central user directory or LDAP. When a user is removed from ActiveTransfer, the user information is still available in the central user directory or LDAP as the information might be used by other products. For information about configuring GDPR settings in My webMethods Server, see the "Configuring GDPR Settings" in Administering My webMethods Server. To comply with data protection requirements and user requests, in addition to deleting the user account, you may need to complete activities such as deleting or masking the user data.