[gingerlime]

In theory, yes. In practice... I'm not so sure. These processes are slow and I imagine that the regulators are drowning in complaints and are hugely understaffed.

And there's no recourse besides filing a complaint. Even if I'm legally right, what damage was caused to me that I can seek compensation for? (assuming I go and try to take them to court directly).

[Silhouette]

Isn't the difficulty in proving actual damages in a personal claim one of the main arguments for making this a regulatory matter?

As mentioned in my other comment near here, the regulators have started issuing some reasonably substantial fines already.

[gingerlime]

Yes, absolutely. Yet the likelihood of Acxiom being fined anything other than some token amount in a case like mine is virtually zero.

[Silhouette]

It feels like that, but I wonder how long it will be before one of the regulators decides to make an example of one of the big data-hoarding companies. Their whole business model is morally and now also legally dubious, and it's so obviously against the spirit of the GDPR that it seems like a matter of time before someone decides to pick a fight. I doubt it will be a single case like yours that starts it, unless perhaps it provides a convenient excuse to start an investigation, but it will be a thousand or a million situations like yours that motivate it.