The changes to GDPR have meant nothing to me in reality. To me anyway there was a marked change on the day of it coming into force. Beforehend everyone was saying there was the change to needing to have to "opt-in", whereas on the day of the roll-out and ever since, everyone changed back to being automatically enrolled (to maintain your "convenience") -but they're advising you that you have to "opt-out" in order to comply wih the new rules. Eh? If that makes any sense compared to how the published reules are, then feel free to explain!
...I am very sceptical about check boxes. In my experience, opt-outs on webpages mean absolutely nothing or, in the case of placing an order, you can't actually place the order unless you check the "opt-in" box. It's very naive to think a company will delete your details just because of GDPR. They will break the rules until they end up in court, and then it's just damage mitigation or "collateral damage". Keep on checking them little boxes and small print though. I went away from ordering from the likes of Amazon years ago when I realised allot of it was available in shops anyway, so I always prefer to support them direct instead, and cut-out the middle-man.