[EsssM7QVMehFPAs]

You most certainly do, even if it might not yet be prosecuted.

See article 6 1/a-f for lawfulness of processing.

Without consent there only remain select few conditions, none of which apply to the operation of GA for visitors without a legal contract with the site operator on a different level (ie. customer relationship).

It is only a matter of time..

[detaro]

I'd not label that as "certainly", quite a few lawyers disagree about 1f not being applicable for basic, ano-/pseudonymized analytics.

[donohoe]

There is much confusion as there is both the Directive 2009/136/EC (aka EU Cookie Law) AND GDPR

EU mandated that all websites (residing in EU) to obtain informed consent before they can store or retrieve information on a visitor's computer or web-enabled device.

This is not limited to "cookies". The law doesn't even mention the word "cookie". It covers localStorage and any TBD technology in the future.

There are exceptions for "strictly necessary" like a store would not have to get consent to operate a shopping cart on the website as thats can be considered critical to the purchasing and checking out. However storing what you browsed for recommendation purposes is not, and therefore that would require consent.