This article is written from the point of view of an email marketer. But it gives clear direction on what information needs to be collected and at it's heart GDPR affects all aspects of digital.
Currently this would mean implicit opt in for cookie information and T's and C's that explain exactly what the data could be used for.
With fines of 4% of turnover and €20 Million being banded about - this is something that we all need to get right.
However, my own opinion is by May 2018 the legislation will have changed from it's current strict format.... watch this space.
With GDPR in place, marketers will only be allowed to send email to people who’ve opted-in to receive messages. While this has already been the case in most European countries under the EU Privacy Directive, GDPR further specifies the nature of consent that’s required for commercial communication. Starting in May 2018, brands have to collect affirmative consent that is “freely given, specific, informed and unambiguous” to be compliant with GDPR. "The GDPR demands that the recipient is provided with adequate information on how their data will be used. For example, if you intend to profile someone’s data to determine what offers they receive, you must now tell your customer that is how you intend to use the data and give them the opportunity to object. – Tim Roe"