You could use my Custom Wizard plugin to obtain consent under the GDPR, and I would be happy to work through any issues for that use case, however unless you’re using Discourse data for something other than just running a Discourse forum, it seems (at this preliminary stage) the more suitable basis for processing and control of data in Discourse is ‘Legitimate Interests’ rather than consent.
If you’re looking for some plain language explanations from a trusted source on this question, I would recommend the UK’s Information Commissioner’s Office.
In particular the ICO notes that consent needs to be granular, possible to withdraw and cannot be a precondition of service, each of which raises issues for the way you’re proposing to obtain consent in Discourse.
Moreover, they state:
But you often won’t need consent. If consent is difficult, look for a different lawful basis.
They note: (highlights are mine)
Legitimate interests is the most flexible lawful basis for processing, but you cannot assume it will always be the most appropriate.
It is likely to be most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.
It seems to me that it would be reasonable to expect that when signing up for a discussion forum that the details you provide would be stored and processed for the purposes of running the forum.
See further:
Please note that none of this is legal advice and cannot be relied on as such. I am not your lawyer.