Re: "... more in the way of solutions ..."
Essentially GDPR is designed to do that. Part of the trouble is that they can only be caught in breach when someone goes after them. I suggested in the Experian thread that we need to start at the other end: large scale* data brokers and aggregators should require a licence to operate. Conditions of the licence would include a requirement to provide regular statements of data held to each data subject and regular audits. The statement would have to include by what right each item was held and there would be an obligation to correct errors and delete - and not re-collect - items for which there was no consent or for which the subject wished to withdraw consent. The statement should also include a statement of categories of data added and deleted since the last statement, and perhaps an ability to demand an interim statement of the exact holdings at some point in time of the subject's choosing**. Failure of an audit, including demonstrable failure to abide by statement rules, could result in immediate suspension of the licence with it being a criminal offence to oversee continued processing after a suspension. Suspension remains in effect during any appeal.
If this makes the business model unprofitable, tough. You have a right to run a business but not to mess with others' individual rights. The ICO pointed this out quite clearly in the Experian case.
* Best defined as a function of number of data subjects, volume of data and sensitivity of data.
** If they want to permanently delete data before the first statement, fine, but unchecked they'd simply delete data before a statement and re-collect it afterwards.