Comment by littlestymaar

Of course you can. And you don't need any consent from the user for doing so.

The only thing you need to do is to have some document where you list all the personal information you process and store, for how long and what you do with the said data.

What you cannot do is store data that you don't have a legitimate interest in storing. And this is why you have to document what you do with the data, because if you're not doing anything with it (“I want to store 10 years worth of IP address logs just in case”) then you aren't allowed to (on the opposite “I want to store IP addresses for a month for DDoS protection purpose ” is allowed).