I would go at it a little differently, and the GDPR is pretty good on this. It's the privacy by design. You say, from the very first steps when we're collecting information, that we are designing the system around protecting that information. We think of the protection of that information first, before we start to think about how we're going to analyze it, how we're going to deal with it, how we're going to sell it, how we're going to market it, and that becomes a requirement of each individual organization as they're building their data collection.
On September 25th, 2017. See this statement in context.