[tomclive]

It'll be interesting to see how this plays out. How explicit does the consent need to be? How obvious do deletions need to be? Will server location cause problems?

It seems obvious that comments won't cause an issue but because of the fluffy language of GDPR some interpretations could make simple things like this problematic.

[guitarbill]

The GDPR is not fluffy language per se, just for people used to the overworked American style of legal documents where everything needs to be explicit.

Also, people seem to get hung up on consent. There are several lawful basis for processing data, consent is one of them. It's also the most abused, so it's the most heavily regulated in the GDPR. Ad-tech and the scummy parts on the web rely on "consent" (or lack thereof).

Normal website usage like eCommerce or even posting a comment can use other bases, like most legitimate interests - that's why they call it that.

Right to erasure is also fairly obvious as far as deletions go. Right to restrict processing is a bit trickier. Server location is also much more interesting, due to the infamous and rather shaky Privacy Shield.