In terms of consent, the GDPR only reinforces the good practices already established in the E-Privacy Directive (2002). The GDPR specifies that consent must be given through an informed, specific and unambiguous positive action. To be compliant with the GDPR, your form must:
- Specify how personal data will be used (an email address will be sent newsletters, an invitation to events, etc.)
- Only request only necessary personal data (e.g. do not request a postal address if this data will not be used)
- Consent is only valid if given through an "active opt-in" (e.g. do not pre-fill or "pre-check" consent boxes for the user - they must actively select it)
Brevo allows you to easily create GDPR compliant forms by following this tutorial: Create a GDPR compliant subscription form.