The truth about dnscrypt-proxy and DNSSEC?

The way I read this, your main concern is privacy.

So, don't use your ISP resolvers. The pi-hole installation doesn't support it, but nothing keeps you from creating /etc/dnsmasq.d/99-resolvers.conf, containing as many SERVER entries as you want, then remove the SERVER settings from /etc/dnsmasq.d/01-pihole.conf and /etc/pihole/setupVars.conf (this will keep you from using the settings page, but survives a pihole update without modifications). This way, the resolvers that do keep a log are all messed up, as none of them contains the full picture of what it is you are doing. If you find resolvers that don't keep logs, you can use these, just make sure you find enough of them (and trust them to do what they claim).

You found the article, use dnscrypt-proxy, just make sure you use resolvers that use port 443. I've read somewhere (can't find it anymore) that the default compilation allows up to six (6) resolvers. If you don't care which resolvers are used, dnscrypt-proxy allows a random resolver setup, e.g. use any resolver from the list that doesn't keep logs.

Again, don't use your ISP resolvers. Use resolvers outside the UK, preferably outside the Fourteen Eyes countries, as indicated by Koent in one of the above posts.

I think the more measures you take to protect your privacy, the more risk you take of getting their attention.
Given the recent articles I've been reading (hacking by the CIA), I'm convinced the best protection is to deny devices internet access altogether, e.g. if you don't use the smart functions of your television, just block its (fixed) IP in your firewall, deny the management (fixed) IPs of switches and other devices internet access.
Running a private DNS server (or cache) seems overkill for private networks. It just increases the burden of maintaining them, creates an extra point of failure, and, eventually, you will have to get the data from the outside world anyway.
For now, I'll stick to pi-hole, dnscrypt-proxy and DNSSEC (requires upgraded dnsmasq).
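
Added example, not part of the original post: a shell check that every active dnsmasq `server=` upstream lives in `99-resolvers.conf` and that no `PIHOLE_DNS_n` entries remain in `setupVars.conf`, as the setup described above requires. The sample files, the documentation-range addresses and the local `127.0.0.1#5353` listener are constructed assumptions.

```shell
#!/bin/sh
# Added example. Sample files and addresses are constructed (documentation ranges).

# Print "file<TAB>upstream" for every active (uncommented) server= line in DIR/*.conf.
list_upstreams() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        sed -n 's/^[[:space:]]*server=//p' "$f" |
            while IFS= read -r up; do printf '%s\t%s\n' "$name" "$up"; done
    done
}

# Upstreams defined in any file other than the one meant to hold them.
stray_upstreams() {
    list_upstreams "$1" | awk -F '\t' -v ok="$2" '$1 != ok'
}

# Number of upstreams defined in one file.
count_in_file() {
    list_upstreams "$1" | awk -F '\t' -v f="$2" '$1 == f {n++} END {print n+0}'
}

# PIHOLE_DNS_n entries still present in setupVars.conf.
setupvars_dns() {
    grep -E '^PIHOLE_DNS_[0-9]+=' "$1" || true
}

# Build a constructed sample tree under DIR (assumed port 5353 for a local proxy).
make_sample() {
    mkdir -p "$1/dnsmasq.d"
    printf 'cache-size=10000\nserver=192.0.2.53\n#server=192.0.2.54\n' > "$1/dnsmasq.d/01-pihole.conf"
    printf 'server=127.0.0.1#5353\nserver=198.51.100.1\nserver=203.0.113.9\n' > "$1/dnsmasq.d/99-resolvers.conf"
    printf 'PIHOLE_INTERFACE=eth0\nPIHOLE_DNS_1=192.0.2.53\n' > "$1/setupVars.conf"
}

d=$(mktemp -d)
make_sample "$d"
echo "Upstreams outside 99-resolvers.conf:"
stray_upstreams "$d/dnsmasq.d" 99-resolvers.conf
echo "Upstreams in 99-resolvers.conf: $(count_in_file "$d/dnsmasq.d" 99-resolvers.conf)"
echo "Leftover setupVars.conf entries:"
setupvars_dns "$d/setupVars.conf"
rm -rf "$d"
```

On a real install, point the functions at `/etc/dnsmasq.d` and `/etc/pihole/setupVars.conf`; any line reported by `stray_upstreams` or `setupvars_dns` is a resolver setting that was not moved.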