The image summarizes digital consumer data and privacy rights in the European Union, Canada, and the United States. Many startups, developers, and investors have an irrational fear of the GDPR. You don't have feel that way. In most business models, there is no need to capture every user's data. If you consider the best for your user from a privacy perspective, the rules of GDPR or PIPEDA will be straightforward to understand.
My experience in building Fintech products and dealing with the user and business data shows me that if you plan well, limit your data gathering scope, and focus on what you need, you end up not having to gather every data point from your users. You will only capture what you need, comply with any of those privacy laws, and your users will appreciate it.