Just wanted to update this thread since the EU GDPR is applicable since yesterday. As of now, you will be able to rely on the rights stated above.
I have already noticed that a lot of service providers like banks etc. have sent me new forms so that I can give my express consent to what they are doing with my data. I am wondering if any ICOs will follow.
That's great. I really hope this becomes a standard in terms of data protection. Data use and consent are covered by those long agreements that no one reads for the most part, but it's still great that there are very specific rules now. The right to be forgotten is especially attractive considering how pretty much everyone can be Googled at this point.
ICOs are going to be tricky because most are built to raise money and bail anyway, but I'm sure the legitimate ones would abide by this for extra legitimacy even if they're not required. This could very well be a new factor in figuring out which projects are legit.