my suggestion is to add a tool in the GDPR bundle that permits to delete accounts of inactive users after a certain period (2 years for example). This is due to the GDPR requirement to give a term to the data processing. So you can tell that you process data (for example) for 2 years following the last interaction. ( I don't know if I'm explaining well... hope so).
- system detects user is inactive for 2 years from its last access
- system suspends the account and advises admin
- admin chooses to delete account or leave it suspended (it depends on admin policy)
The tool I'm working on now (I'd like to release it before Monday)
1. offers users the ability to download their data - per GDPR Article 20
2. offers (optional) users the ability to delete their account per GDPR Article 17
The delete option has 2 methods:
1. Anonymize - identifying information is purged, but the account remains with a generic username
2. Delete - the axe!
These features are in the plugin I'm writing now, and as I said - I hope to release before Monday.
Stop processing data is not the same as disable/delete inactive users - that is outside of the scope of GDPR, so I would make that a separate plugin. It's totally possible though, and won't take very long to write.