Protect the data you store and only keep what you need.
Make it easy to retrieve, delete and anonymise data when you need to.
Get fair consent before you communicate with users and maintain a preferences management. Get consent for photos before publishing them.
Users must be able to opt out of profiling.