No I'm not very sure, IANAL. I just thought that "Abmahnen", for once, could actually be used for something useful when it was used to bother small sites for violating the German "Impressumspflicht" (duty to include press contact info on sites). I'm also not sure it can be legally excluded for GDPR specifically as it has been a staple of German "Rechtspflege" (procurement of law by private orgs) for a long time. I know there has been a relative recent change in jurisdiction where compensation for "Abmahnen" was denied when it wasn't carried out in good faith, but I don't believe GDPR violators can rely on that one for continuing malpractice. I also believe when GDPR was enacted in 2017, internet companies got an additional two year's period of bringing their sites into compliance.
Sounds to me like it's not in general permitted (but with a huge exemption), but is possibly permitted to the extent that failure to comply with the GDPR constitutes unfair competition. So that means you can't simply use the "Abmahnen" procedure to enforce privacy rights, but rather need to demonstrate you're a market competitor and that it's relevant to your competitive position. Edit: no, I think I misread- that may be a possible conclusion but it's just not clear.
