No. This is the myth that "consent is always required". There are several justifications for processing personal data, and consent is just one of them. There are others.
First, notice how things like legitimate interests are not narrowly defined and are left up to the DPA to judge. Which makes it hard to know whether you even need consent or not. Second, this is the ICO, the British regulator. There are 28 of them, one in each country, and they won't always agree, so the application of GDPR policies can vary.
The legitimate interest definition is almost exactly the same as the existing laws on handling private information. If you want to complain about it, don't complain about the GDPR. If you've been handling private information for EU customers and have been complying with the law, then there is practically nothing for you to do.
But, again, if you're not compliant they'll just write a letter telling you this and asking you to come into compliance.
At that point you can check your understanding of the law and what you're doing and write back letting them know why you think you're in compliance; or you can change your process; or you can take it to court.
What happens when that is not possible though? E.g. in the case there is a breach and it is found out because of it that you were not compliant. Do they still write you a letter? Also, is this procedure common for all DPAs or just for the UK?