That's impossible with the GDPR for privacy relevant data. That data cannot legally be an asset of a company because a company cannot own it. A company may be a data processor or data controller, but not a data owner for other peoples private data. They may choose to ask each individual if they agree to let another company use the data, but that's a different thing.