So despite being a German citizen, my data protection rights depend entirely on the enforcement capacity and willingness of a foreign regulatory body. [...] This is the reality for any cross-border GDPR complaint. The regulation is EU-wide, but enforcement is national.

Some claimed it was spam and "an email automatically processed by upstream IT security systems and does not reach the responsible organizational units is legally not considered as received.

The burden is entirely on you to prove they received it.

Changes are needed

1. Cross-border enforcement needs to actually work.
2. The spam filter loophole needs to die.
3. There need to be mandatory minimum fines.
4. Data protection offices need funding and accountability.