As the status of Pauls idea is still on "NEW", I understand that it has not been taken in account by MS in the last 6 month yet.

I absolutely agree to Pauls idea, which - frankly speaking - is legally mandatory (at least for European countries)!
In general Microsoft Dynamics 365 Marketing lacks GDPR compliant out of the box solutions.
(E.g. same goes with cookie management on dynamics portal pages - but that is a different story.)

It is inevitable that changes in forms get stored at a contact only after the reconfirmation of the data subject (=contact) took place via DOI mail!

To make it even worse:
We faced the completely unexpected situation (luckily it was during tests) that, if in a marketing form an email address is used, which already exists in the Dynamics database, after submit of the form the existing data get instantly overwritten with the ones in the marketing form!

Thus, the provided DOI implementation seems to me as an unacceptable breach of data integrity and GDPR regulations.

To sum it up:
If I understand correctly, as long as this DOI is not working legally compliant, no implementation of Microsoft Dynamics marketing forms can be used even for a plain and simple email registration form (at least without heavy customizing and workarounds)!