This is ludicrous. Nginx logs are regulated now? What if you just want to make a static website and get on with your life?

You're not sending your nginx logs to Google, a well known advertiser, do you?

In this case you can store IP addresses if you have a legitimate reason (e.g. you can show you need it for troubleshooting etc), as long as it's reasonable and doesn't infringe on the rights of the user, and you have documented it along with the retention strategy.