not many
just do not collect

Brainstorming: store client-side data in localstorage. Not all of course, but only what falls under such laws. Something like the first copy, the main portion, the primary collection. In the Russian Federation, for example, it is necessary to conduct "primary" processing of personal data on the territory of the Russian Federation, but it is possible to duplicate it on foreign servers. Thus, to the question "where is the user data?" you answer: "Users have the same!", And you yourself "reserve" them and do everything with them already at home.
From practice: according to this principle (primary in the Russian Federation, and a type of copy abroad), large foreign companies arrive, which, for example, have one corporate system for the whole world, and many representative offices. In Russia, they rent a server and keep a copy of the data here. From the point of view of technology, a copy on the territory of the Russian Federation is a secondary copy, and from the point of view of the law ("On Personal Data" in this case) it is a primary copy.

How to get rid of the processing of personal data?
It is necessary to replace the "clean" received information with hashes through hashing operations directly on the client (browser, application, etc.) before sending the data to the server.
After receiving them on the server side, you will process already anonymized data, because There is no way to restore "clean" data by hash.
Anonymized data is no longer personal.