I’m going to let you into a little secret.

I can go to your website and just by looking at it, I can tell whether you comply with GDPR. It’s not magic or clever.

Once you know what GDPR requires of a business, anyone with that knowledge can go to a website and see if a business complies. Looking at a privacy notice will tell you whether they are meeting the latest requirements about cookies, sharing, and storage etc.

Signing up for the free thing or a newsletter will tell you if they are complying with the consent requirements.

The interesting thing here is that if anyone can do that, it also means the Information Commissioners Office can do it to. Think of it as a desktop investigation.

My advice. Work out what you need to do for your website and sign up forms as a priority and then put that stuff into place. Don’t get caught out that easily. Make it difficult for people to evaluate your level of compliance by looking at your website.