Ah, the easy route: just pop up a one-size-fits-all opt-in on all forms and GDPR is solved. It’s just not that easy. The regulation goes into a lot more detail.
The GDPR clearly states that you need a specific legal basis for every type of processing. Consent (or opt-in under ePrivacy - more on the difference here) is one of these legal bases, but you cannot solve everything with one opt-in: the regulation clearly states that you cannot use blanket consent for all types of processing. Besides, consent can be withdrawn, so it’s a good idea to document the other reasons you are processing someone's personal data.
Specifically, sensitive types of data require additional, explicit and specific consent before you are allowed to process them. Medical data is one of many examples in this space, but so is something as simple as biometric data. What falls under biometric data? Well, a profile photo is sensitive data under the GDPR.
One-size-fits-all will never work and can get you into serious trouble. While you do need an opt-in, remember that it’s one of many practices you need to have implemented by May 25th 2018.