Re: GDPR to the rescue
Hmm. Let's see. You probably have an Oyster card, and the incentive to hand over your details starts there because that's the only way you can cover its loss.
So, you have an identity ping straight on entry. Collect a WiFi/Bluetooth hash at that point and you're in business. You clock a user in, you track his/her every movement in the station and you clock them out at the other end. As a side effect of making mobile phones on the Underground you also have some picocells around. They will clock phone data, even if the phone is of a different network (they won't be able to log on, but there's still first an ident processed).
Your best but is to consider flight mode before you even go near the entrance. Oh, and don't use an NFC enabled credit card unless you really want to give them this data on a platter before you have even set foot in the station.
I don't quite know how personal you want to get, but you really should keep in mind that there are multiple data sources at work concurrently, and that's exactly why governments are so dead keen on Big Data: it becomes harder and harder to avoid surveillance.
Unless, of course, you have a high end government position...