Easiest way to comply is not storing any identifiable data unless absolutely necessary for your service.
You can still collect anonymous statistics if you apply techniques like k-anonymity to make sure you can't deanonymize it. (https://iapp.org/news/a/top-10-operational-impacts-of-the-gd...)