This one wins

@Brosyl https://joyfulnoiserecordings.com//

Is an email part of the requirement for GDPR?

@demortes iirc there was something about it, like you need to use all your channels available to inform your customers about the change

@JoshBent mildly annoying but I assume it's when your privacy policy changes

Josh + Brosyl = Cable

@demortes If you want to use user data for anything, the users have to agree. Full opt-in. It's not like you can first gather the email address for setting up a user account and then use it for a newsletter.

@demortes no, and 90 percent of the emails are opt out which is already not GDPR compliant.

What I notice is that the "small" companies perform better at these things. Paizo unsubscribed me from every of their emails, subscribed back to one.

@Codex404
Riot.im did a nice opt-in thing. I like their approach.

There are 2 things you are supposed to do:

1) when you update your contract, the user is supposed to agree to the new term. Hence the email about privacy policy update. Not really sure it's specific about the GDPR (though the privacy policy is updated because of the GDPR)

2) you are supposed to have provable consent about newsletter opt-in. Very few company (out of all that send the privacy policy update) actually do that. If you are on their newsletter and they can't prove your consent, you could complain to your local GDPR enforcer (varies by country) to trigger an investigation (at least I suppose that's how it works).

Long story short: this looks as an opt-out, they can't prove consent on your part, therefore NO, they do not fully comply with GDPR.

Also, if I understand GDPR correctly, you are supposed to inform your users, not tell them "request it to us" (at least in the spirit of the law). So that's double failure.

@Fradow you are completely right.