[antaviana]

I suppose the law probably is very easy to game because I remember receiving a letter via regular postal mail from one of the top utilities company in Spain that literally said "to comply with GDPR we will contact you for marketing purposes in _OUR LEGITIMATE INTEREST_. If you do not agree, contact us at this website."

Their turnover is 50B EUR so my understanding is that they earmarked some budget to check with a lawyer to ensure GDPR compliance.

Moral: ensure that your legitimate interest is to sell more and then you are fine.

[MatthewWilkes]

That's not gaming it, it's a feature. GDPR isn't designed to stop companies contacting you, it's designed to ensure companies have to think through what they're doing and have process for handling objections and problems. You have to do a "balancing check" to document your reasoning for why your legitimate interest is sufficient for what you're proposing to do.