Comment by bluecalm

My point is that it's written in a way that makes malicious compliance possible.

One way to improve it would be to make it clear you can't require any consent before providing your service. It's either necessary or don't ask for it. As it is in Poland you are now served a long form at every opportunity and you have to agree to some part of it or be denied service. Online or when calling you get to listen to a long formula about privacy policy and who administer your data every time you call a bank or most other institutions. It made everyday life worse.

There is no way for me to verify that a given entity is following the contract anyway. GDPR could easily be transparent for consumers/clients. Instead it resulted in additional burden.