2) If I did signed up I make the effort of going through their unsubscribe procedure.
3.1) If I still get e-mails after (2), I file a request for my personal data under the GDPR (EU citizen here).
3.2) Once I got that, I use the GDPR to delete all of the data associated with my account / e-mail address.
4) If I still get e-mails after (3), it goes to SPAM.
With step 3, I hope that I can make them notice their bad behaviour. My goal is to drive up the costs of that behaviour (so they get incentivised to change it). Also, I'm generally interested in the personal data that a service has associated with me.
That would be the way to go, indeed. It didn't happen yet. I'm not sure if I'd take it to the privacy authority, since that would involve much more work, I think.
You might be surprised. I worked for an organisation that got ~1000 requests a year up until recently, each request involved going into every system manually, taking screenshots, tagging files etc. Quite often a good few hours per request and on a few memorable occasions, several days work for a single request. It definitely does cost many larger companies, but to varying degrees.
1) If I never signed up goes immediately to SPAM.
2) If I did signed up I make the effort of going through their unsubscribe procedure.
3.1) If I still get e-mails after (2), I file a request for my personal data under the GDPR (EU citizen here).
3.2) Once I got that, I use the GDPR to delete all of the data associated with my account / e-mail address.
4) If I still get e-mails after (3), it goes to SPAM.
With step 3, I hope that I can make them notice their bad behaviour. My goal is to drive up the costs of that behaviour (so they get incentivised to change it). Also, I'm generally interested in the personal data that a service has associated with me.