IMHO, as long as Elitium complies with the GDPR, it won't be a problem (from the legal perspective) because companies always have their customers record. The problem is with security, like how to prevent data leak, stolen, etc.
Thank you for your answer, I'm just remember about
data leaking of voice records that happens because of Google partner, of course GDPR is good, as you say cyber crime is the real enemy for our online data, maybe destroying activity tracking can minimized risk of leaking VERA users activity like Google Voice case. CMIIW
Perhaps with all data being stored in centralized servers, there must be a technological solution. Theoretically, if you were to collect data just on a specified blockchain and PGP encrypt it with your own keys... Wouldn't this save a lot of money in the security world? Of course, the average phone and laptop user may not be privy to this knowledge but when we undergo a earth-threatening data leak, maybe there could be time for some big technological changes. Data privacy is still quite limited but GDPR is a great help.