Contrary to popular belief, having a checkbox on every form that collects personal data is not required under the GDPR. A checkbox isn’t required if the user, by submitting a form for its stated use, gives explicit consent.
For example, a contact form needed for support requessts, where the intended use of the collected data is to send a reply to your question, does not require an additional consent checkbox.
If additional actionable uses of the collected data may exist, an explicit consent checkbox will probably be required. See below examples regarding newsletters, it can be easier andmore effective than you might realize!
Example: Collected data is not relevant to stated use
If you’re collecting data that is not directly related to the stated use, you will need consent and your privacy statement should explain how this data is handled. Instead of personalizing content based on personal information, let users pick prefilled categories that are relevant to them.
Example: Although allowed. You don't need a checkbox.
The stated use is “Get a monthly update about our services to your inbox.” The act of subscribing consents to the stated use. In this case the frequency and content are clear and concise, but do not deviate from the exact purpose.
Example: Simple and effective
This is a simple and effective way of collecting email addresses, without any consent.