The email is legitimate. It's being sent to email addresses that aren't active on Avast account and we want to be sure before deletion that user doesn't want to keep the account. If user clicks on the button in email or logs in into Avast account we take them as active and won't delete the Avast Account.
I have to say it is poorly worded (or example) as I don't believe the EU General Data Protection Regulations (GPRD) information should be combined with anything else, like logging on, etc.
That just looks like a phishing exercise, as there should be no requirement to have to do anything else to comply on the part of the user.
I have had many emails about GPRD and all they have done is let the person know that they comply with the GPRD rules.
Also the "If you keep your account active, we will also send you the latest online security news and product updates" is essentially authorisation to spam. Again I don't feel this should be a part of any GPRD compliance notification.