This applies to data collected using “Consent” as the “Lawful Basis”, where the user needs to take a positive action to sign up.

Where it applies: Newsletter signups via registration and checkout

What happens: The newsletter signup option is displayed unticked, so the user now has to tick it to give positive consent. This is a change from the present method, which automatically ticks it for the user.

NB: It is recommended that double opt-in emails are sent, as this requires extra consent and allows you to enter text for the right to object to processing.

How to implement it: A new setting is automatically set in Admin > Site Settings > General via the field called "Tick the Newsletter Signup checkbox by default", which is left unticked to comply with GDPR.

If you want buyers to be automatically subscribed to your newsletter because GDPR does not apply to them, then tick this field.

Double Opt-In:
Go into Site Settings > General > Enable Double/Confirmed Opt-In Newsletter Signup and tick this field.
Go into Page Manager and add text for the right to object on the page "Email Newsletter Double Opt In", e.g. "You have the right to object to our processing of your personal data. See our privacy policy for full details."


Where it applies: Newsletter signup app used in Page Manager

What happens: The user is knowingly signing up as a deliberate action and will receive a double opt-in email to confirm their subscription.

How to implement it: Already in place.


Where it applies: Preferential Pricing Manager

What happens: A tick box can be shown in the registration process via the site settings, which the user can untick to opt out. This is effectively a soft opt-in, so your terms must reflect that this is a condition of use, but that future marketing emails will offer the ability to opt out.

How to implement it: In Preferential Pricing Manager, tick "Display tick box during registration to allow user to opt-out of marketing emails".

Review/update your terms as appropriate to the way your scheme works.


Where it applies: Any forms which add users to the system for marketing purposes

What happens: Forms which use the signup process will add users to the user database and also send them a double opt-in email to confirm their subscription.

How to implement it: It is recommended that you add a tickbox to forms for users to give their consent to be signed up. See below for details.

If they do not tick the box, then you will still receive their enquiry but they will not be added to the user database.


Where it applies: Any third party you have added to the site that subscribes users to its systems, e.g. Mailchimp

What happens: You need to check how consent is handled directly with the third party service provider.

How to implement it: Check with third party service provider(s).


Where it applies: Custom applications that have been built on the site and may also use the API to subscribe users

What happens: You need to check how consent is handled by the website designer responsible for the custom application.

How to implement it: Check with the website designer.

Checking Your Double Opt-in Emails

You may wish to review the text used in your opt-in emails via Page Manager > system page > email_newsletter_double_opt_in and newsletter_opt_in_confirmation.

Read more on double opt-in (scroll to bottom of article)

Adding A Tickbox For Sign Up Consent

For each form, go into Forms & processes and add in a new field as shown below. 

Tip: If the new field does not appear on the form on the web page it is because the form HTML has been embedded directly into the page and you will need to re-embed this with the new field. 

Read more about Forms In Our GDPR Phase 1 Update

Disclaimer: take independent advice.