See the web page RStudio and the GDPR - What You Need to Know.
The short answer is that the IP address of requests is written to log files and stored for a period of time before deletion. There is also a process for responding to requests to be forgotten.
Hope that helps. Feel free to follow up with info@rstudio.com for further questions about GDPR compliance.