What is GDPR? It's the EU's General Data Protection Regulation. It requires websites to ensure that the privacy of people who visit the site is protected, and that the information gathered and how it is used are clearly disclosed.
Part of compliance involves making sure your EU email subscribers actually want to be on your email list. If you have readers of your website or blog who reside in the EU, you're required to put procedures in place that ensure your email list is GDPR compliant.
Another aspect of GDPR involves being transparent about what data is collected and how it's used. If you have a website that takes payments, uses Google Analytics, has an email list, drops cookies, etc., you're collecting and using data.
Whether you're in the EU or not, if you have readers or subscribers from the EU, you should make sure you're compliant.
Admittedly, it's a pain in the behind and like many government regulations, isn't easy to figure out what exactly you need to do.
Here's what I did on my sites, but I'm not an expert, so below you'll find more information to get help:
1) For Email Lists
a) Emailed all my EU subscribers and asked them to re-confirm their subscription. Any who don't re-confirm should be deleted.
b) Add a consent checkbox to your email sign-up form (see image below). Don't set the box's default to checked. Your subscribers need to actually check it themselves.
c) Unsubscribe links or instructions need to be in each email.
d) Make sure you're CAN-SPAM compliant as well.
2) Add a Terms of Service page to your website.
3) Add a Privacy page to your site. This should cover the types of data collected and what it's used for. For both the Terms of Service and Privacy pages, you'll want to research templates or hire help. They're fairly detailed.
For more information about GDPR and whether you need to concern yourself with it, here are some resources to check out:
Introduction to GDPR (video)
Preparing for GDPR - 12 Steps (PDF)
Sample Email Sign up Box