I am working on a blog to address GDPR. Some quick answers to your questions as follows.
Is there a way to let the members choose to be okay with the registrations
Yes, this is as simple as having a Terms and Conditions checkbox on your registration page that's marked required and links to or displays your privacy policy. See the below for an example of a good privacy policy.
termsfeed.com/blog/gdpr-privacy-policy/
If the users are already registered I recommend resetting their acceptedterms database column in _comprofiler to 0 then emailing them that your terms have changed. Inform them they've for example 30 days to accept or delete their account; if they do not within 30 days you should delete them. This covers risk assessment on your part for good-faith compliance.
delete there account
This does not have to be automated. Create a Joomla contact form for them to contact you requesting deletion. You've 30 days to comply and deleting them in CB > User Management should sufficiently delete their CB and Joomla user data. You can automate this using CB Privacy and its Delete Me field.
Is it possible to choose yes or delete without typing there password again?
At this time no it's not possible for us to override the Joomla password reset functionality any further. More options maybe available once Joomla 3.9 privacy extension has been released.
krileon
