I wonder if you came across the situation of a data privacy request from a user of SugraCRM. According to GDPR a users are also data subjects and can therefore ask which personal information is stored and in case of an former employee also ask for erasure.
Request on Personal information:
We could show the personal information as a screen shot from the user profile, but it will get complex when you need to show an activity overview.
Request to erase personal information:
In case of an request to erase information we could delete the user profile but this would not give us a save documentation. Also the User Module is not marked for auditing, I wonder where we could change this if at all.