[Silhouette]

Isn't the difficulty in proving actual damages in a personal claim one of the main arguments for making this a regulatory matter?

As mentioned in my other comment near here, the regulators have started issuing some reasonably substantial fines already.

[gingerlime]

Yes, absolutely. Yet the likelihood of Acxiom being fined anything other than some token amount in a case like mine is virtually zero.

[Silhouette]

It feels like that, but I wonder how long it will be before one of the regulators decides to make an example of one of the big data-hoarding companies. Their whole business model is morally and now also legally dubious, and it's so obviously against the spirit of the GDPR that it seems like a matter of time before someone decides to pick a fight. I doubt it will be a single case like yours that starts it, unless perhaps it provides a convenient excuse to start an investigation, but it will be a thousand or a million situations like yours that motivate it.