Maintaining privacy is a complicated process and most people don't even know where to start. When trying to define what privacy should be the EU GDPR law drones on for 261 pages, not exactly a guide for practice over principles. So what can we do as individuals and organisations?
Certainly, businesses can take a few lessons from GDPR. GDPR is teaching us to collect less information from our customers unless we really need it. Even if you don't need to comply with GDPR, this is simply a good practice. Your business saves money by having less data to protect and your customers gain the privacy that many desire in the process. Want users to use secure passwords? Provide them with password management tools and training, especially if users can use the same tool at home to benefit their families. Humans will do what is easiest, so it is our job to make privacy as easy as possible.
Individuals need to take control of their privacy the best they can. It isn't impossible and often it isn't even hard, you simply have to keep your eyes open and not surrender sensitive information to organisations that don't need it. Carefully consider how much information you are asked to surrender compared to what you are being provided in return. Your identity is valuable and you shouldn't give it up for trivial services. Sadly once your information is stolen it can be impossible to put the genie back in the bottle, don't give out your details to those who don't need it. I have a secret birthday I don't share with sites that ask… It's my real one.