You can't delete your account by self-service, you have to email dang, which is probably non-compliance because it adds friction. It's a grey area, it'd have to be tested in court. I highly doubt anyone will bring a case though. That's like calling the police on your own drug dealer. (IANAL)
> which is probably non-compliance because it adds friction.
You're gonna have to point to part of the regulation where thats not allowed. there is a mechanism for deletion. so long as its done within 30 days its still within spec
I don't know it inside out but I'm following the basic standard "it should be as easy to withdraw consent as give it"
The overall point being that if you want to use a product/service, you'll look past minor violations of local regulations on account deletion or charger bundling.
Some of GDPR's language around consent for data processing (which, I will note, you only need if you don't have a legitimate and expected purpose for storing and processing it!) has implications for friction: many 'cookie popups' are not compliant because they make not giving consent harder than giving consent.
But deletion requests are not so strong: if you make people really jump through hoops then you might get in some trouble, but the expencted standard is basically at 'sending an email and getting a result within 30 days'.
Depending on the data "sending an email and getting a result within 30 days" may not be basis for approving deletion request. You have no way to identify whether the data is associated with the person (if the data is not associated with the email).
So additional validation would surely be subject to friction.