By checking "I Agree" (to the site's T&C/PP) you are opting in. By presenting the T&C/PP you are laying it all out and making it clear.
At the end of the day, if you are making an on-line order for a physical item you want delivered, they will need certain data about you to process the order and deliver.
If a user doesn't like that, they can leave the site and get on down the high-street.
There is an awful lot of reading on GDPR, but the jist I get in a nut-shell is: always giving users options, being transparent about data you keep, and offering the rights for data disclosure and erasure.
I know that's a huge dumbing down of a huge topic, but it's almost too huge for its own good.