GDPR · LegalUpdated July 2026

How to Use GDPR to Cancel a Subscription (Even If They Won't Let You)

Some subscriptions are designed to be impossible to cancel. Adobe hides the cancel button. Gyms require certified mail. Certain services auto-renew annual contracts with no way out. Here's the legal route that works when everything else fails.

Why GDPR works as a cancellation tool

GDPR Article 17 gives every EU and UK resident the right to demand that a company erase all personal data it holds about them. Because a subscription account literally cannot exist without personal data, an accepted erasure request forces account closure. Companies have 30 days to respond or face fines from the CNIL (France), ICO (UK), or other national supervisory authorities.

When to use the GDPR route

How to write the GDPR erasure request

Send an email directly to the company's Data Protection Officer (DPO). The subject line and body must clearly cite Article 17. Here's the exact structure:

Template (adapt to your situation):

Subject: Right to Erasure & Subscription Cancellation — Art. 17 GDPR — [Service Name]


To: [Company] — Data Protection Officer

Email: [dpo@company.com]


Dear [Company] Data Protection Officer,


I am writing to formally exercise my rights under Article 17 of the General Data Protection Regulation (EU) 2016/679 (GDPR) and request the immediate cancellation of my [Service] subscription and erasure of all personal data you hold about me.


My account details:
- Name: [YOUR FULL NAME]
- Account email: [YOUR EMAIL]
- Date of request: [DATE]


I request that [Company]:
1. Immediately cancel my subscription and stop all future charges
2. Erase all personal data associated with my account
3. Confirm in writing within 30 days (GDPR Art. 12)


Failure to comply will result in a formal complaint to the relevant supervisory authority (CNIL / ICO) with potential fines under GDPR Art. 83 of up to 4% of global annual revenue.


Yours faithfully,
[YOUR FULL NAME]
[YOUR EMAIL]

DPO email addresses for major services

Netflixprivacy@netflix.com
Spotifyprivacy@spotify.com
AdobeDPO@adobe.com
Amazon / Audibleamazon-gdpr@amazon.co.uk
Disney+privacycenter@disney.com
ChatGPT / OpenAIprivacy@openai.com
LinkedInpersonal-data-request@linkedin.com
Dropboxprivacy@dropbox.com
NordVPNprivacy@nordvpn.com
YouTube / Googlesupport-legal@google.com

What happens after you send the letter

  1. Day 0

    Letter sent

    Send via email with read-receipt if possible. Keep a copy. The 30-day clock starts from receipt.

  2. Day 1–15

    Most companies respond

    In practice, the majority of services cancel within 2 weeks of receiving a formal GDPR letter. They know the legal risk.

  3. Day 15

    No response? Send a follow-up

    Reference your original request. Remind them the 30-day deadline is approaching. CC their legal team if you can find the email.

  4. Day 30

    File a CNIL / ICO complaint

    If still no response, file a complaint at signal.cnil.fr (France) or ico.org.uk (UK). It's free and takes 5 minutes. Supervisory authorities take these seriously.

Does GDPR work for non-EU companies?

GDPR applies to any company that processes data of EU or UK residents, regardless of where the company is headquartered. Netflix, Spotify, Adobe, Amazon — all are legally required to comply with GDPR erasure requests from EU/UK users. Companies like NordVPN (Panama), even though headquartered outside the EU, process EU user data and are bound by GDPR for those users.

Generate your GDPR letter in one click

SubRadar has pre-filled GDPR Art. 17 letters for 48+ services, including the correct DPO email addresses. You can copy the letter and send it yourself in under 2 minutes. SubRadar also tracks the 30-day response window and sends you a CNIL complaint draft if the company doesn't respond in time.

Pre-filled GDPR letter, ready to send

Select your service, copy the letter, send it. SubRadar tracks the 30-day deadline and escalates automatically.

Generate my GDPR letter →