Activation of IP anonymization is necessary as IP data can be used as personally identifiable information (PII), and in any decent tool this should be possible to activate with little effort. If Google Analytics is in use on your site then this should be active, for a more in depth explanation visit the IP Anonymization in Google Analytics page.>
IPs in web server logs
The false sensation of having done anonymization right with your tracking solution evaporates at this point when the realization of IPs in web server logs kicks in. Not only web tracking stores IPs, in fact most internet connected servers generate log files packed with IP data.
If your website, like this one, shares IP number with other websites then very likely all the visiting IP's will be stored in one or several common log files.
This is one reason why hosting companies have denied website owners log file access, and with regards to GDPR created vague Data Processing Agreements (DPA) falsely claim to be data collectors or just simply obstruct log access.
The sheer amount of sites sharing an IP can be found when doing a reverse IP lookup (try ViewDNS.info), the combo of silly hosting provider, packed web server, and no log access are good reasons to move on.
After several attempts demanding access to log files it become evident that the hosting company was after several years of solid service no longer an option. After move to a far more flexible hosting provider this site has a far better service but also log file access.
Web server log file access
Once access to the log files is possible then anonymization and/or setting up a log retention policy is possible. As the log retention of the hosting company (for audit / abuse monitoring) might differ it is recommended to verify with them that they comply regarding logs they collect. Normally the DPA should regulate this.