[lenlorijn]

GDPR only mentions cookies once.

Natural persons may be associated with online identifiers […] such as internet protocol addresses, cookie identifiers or other identifiers […]. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

As long as you are not building profiles of people, cookies are fine and you don't even have to ask for permission to use them. Stop collecting data you don't need, and if it is part of your business model, maybe ask a lawyer what part of GDPR actually impacts your business instead of doing what everyone else is doing or relying on internet comment sections.

[gpvos]

And as long as you aren't including any advertisers on your site which are building profiles of people (and practically all of them are). Or using Wordpress plugins that do the same, probably without telling you. Etc.

[yeahforsureman]

The article is not that wrong, though. The GDPR is quite an abstract piece of legislation and it's no wonder specific technical terms aren't used. To be precise, the article author should have perhaps talked rather about GDPR-based interpretations, consensus and enforcement.