I personally think that GDPR shouldn’t be a problem on data collectors side. It is a topic too complex to be sorted out at that level. Of course the data collector needs a training on how to conduct an interview, how and when asking sensitive questions.
But data protection should be more on server side, a problem for the PI, the institution that run the project.
What I have in mind is more granular permission on server side (who can access certain data and what that person can see inside a project.
Apart from this maybe the possibility to define at form level a field that contains info on data that should not be in the downloaded file, the possibility to download anonymised data (identification field not downloaded), and give access to those fields to authorised users maybe?
Tech integration: more examples on how to use the api could be useful. I added in the past a couple of examples
Maybe more video like yours (great job!!!), on the usage of PowerBI or other tools and how to practically integrate them with ODK?
Export directly to stata, SAS, SPSS or… 