GDPR is the guiding regulation for stores handling EU customer data. In these regulations and the opinion documents we find two ways to sign people up to receive marketing content by email or post. You can rely on consent (opt-in) or legitimate interest (opt-out).
If you rely on a legal basis of consent to collect and process email addresses or physical addresses for marketing messages, then you must base it on a clear opt-in action.
Your store setup is based on the consent method.
Here is an example of how the process can work for sending email newsletters:
A customer registers for your website and chooses to tick the box to receive newsletters.
You export and download your list of account users and only add people to your newsletter service if they've selected "Yes" (opt-in to receive newsletters). You also use the "No" selections (opt-out from newsletters) to update your unsubscribe list before sending your email.
At the bottom of every newsletter email you send, you include an unsubscribe link so they can opt out at any time. Customers can also opt out
Registration Screen with "Special Offers" option:
Newsletter option within the user profile area