The spam won't go away. Once your address is out there it will stay out there (unless you change your email address).
Those email lists only tend to get longer, never shorter, I still see spam sent to addresses I haven't used in years (and backlink spam requests for websites that haven't been alive since the 90's!).
I will just kill the email address. Due to the tracking on internet I am using a customized email address for each site where I register to (for example sha1(news.ycombinator.com-secret)@mydomain.com) while my personal address is never used on any website so my antispam quest is quite simple :) You send spam, you are redirected to /dev/null
As a side effect, I know when my address is sold to anyone and by which site, I am already sharpening my papers, after 25. of May, every website that will give away my address is going to get serious papercut.
The burden of proving the provenance of the data relies on the data controller. Unless the data controller wants to pay a high fine, he has to prove where he got the data, and how/when/where the data owner agreed that the data controller was allowed to use the data.
Those email lists only tend to get longer, never shorter, I still see spam sent to addresses I haven't used in years (and backlink spam requests for websites that haven't been alive since the 90's!).