I also found the e-mail after searching the website for a while. It's an odd choice for the location, I assumed that such contact e-mails would be located under Support or Contact sections.

The problem with the GDPR is that there is no enforcement. At best, you're relying on the other party acting in good faith and wanting to respect the regulation.

I've had companies that breached the regulation, complained to them with no effect, raised it with the ICO, they got back to me, upheld my complaint, reached out to the company and still nothing despite them being based in the UK thus enforcing fines is trivial.

There is nothing preventing this company from getting back to you saying that "for security reasons (or other BS reason) the Discord-based process is the only way to delete your account" and you wouldn't be able to do anything about it because even the relevant authorities don't seem to care.

There has been a number of fines. British Airways is on top of the leaderboard this far with €200M.

https://www.enforcementtracker.com/

I'm not sure about how efficient the process is, but there is some enforcement.

> I'm not sure about how efficient the process is, but there is some enforcement.

At least in Germany, it's okay in some states, essentially non-existant in others. I've reported some serious breaches, and about half of the responses were within 5 days, the other half haven't happened yet, after > 12 months. Reminding them just lead to getting an official case number, so they didn't forget, they just can't/won't enforce.

Is there even a single fine about Facebook/Google Analytics/Mixpanel/etc tracking? This is one of the major problems with online privacy right now, should be very easy to detect (run a web crawler and look for the analytics code being loaded) and yet nothing is being done.