It's not always possible to have the privacy policy checkbox as a mandatory form field if you are integrating it with a third-party extension such as Breezing Forms, RSForms, Ajax forms, Perfect AJAX Popup Contact Form, etc. It depends on the type of form generated by the third-party extension that you are using and in particular to the way that scripts are used to manage the form submission. In some cases it could be impossible to gain control over third-party scripts, so it's recommended to keep both the GDPR checkbox for consent tracking and alongside add one more checkbox as a native control of the extension that generates the form that can be set as mandatory, so you have the better of both worlds.
By default the hook used by the GDPR component to validate the privacy policy checkbox is the form submission itself, if this doesn't work out of the box you can try to change the following parameter to hook the submit button click choosing 'Button element' or 'Custom element':
Why the privacy policy checkbox is not mandatory?
Notice that it's not possible at all to make the privacy policy checkbox a mandatory field if the form generated by a third-party extension is based on ajax submission or if it uses normal HTML elements to simulate a form. In such cases the privacy policy checkbox can be included but it's not possible to have it a required field in order to prevent the submission of data. For example RSForm Pro has an option named 'RSForm Ajax validation', to have the GDPR checkbox mandatory it must be turned off.