Contrary to popular belief, having a checkbox on every form that collects is not required under the GDPR. A checkbox isn’t required if the user, by submitting a form for its stated use, gives explicit consent.
For example, a contact form needed for support requessts, where the intended use of the collected data is to send a reply to your question, does not require an additional consent checkbox.
If additional actionable uses of the collected data may exist, an explicit consent checkbox will probably be required. See below examples regarding newsletters, it can be easier andmore effective than you might realize!
Example: Collected data is not relevant to stated use
Example: Although allowed. You don't need a checkbox.
The stated use is “Get a monthly update about our services to your inbox.” The act of subscribing consents to the stated use. In this case the frequency and content are clear and concise, but do not deviate from the exact purpose.
Example: Simple and effective
This is a simple and effective way of collecting email addresses, without any consent.