The law is very straightforward and can be quite easily implemented by anyone. Notable exceptions are finance institutions where GDPR is superseded by relevant financial laws of each country.
There are explainers, compliance checklists, whatever you want to implement it. It was three years before it went into effect, and it's been 3 years since it went into effect. If you don't understand it by now, you definitely don't deserve to be handling personal data.
The only straightforward thing about this law is how ignorant its creators were.
The cost of implementing it was in the billions. The human time cost paid for all those damn cookie popups we keep having to click on is probably already in the thousands of life-times wasted, and it keeps on growing.
> The cost of implementing it was in the billions.
Cry me a river. If you were careless with users' data, who cares?
> The human time cost paid for all those damn cookie popups we keep having to click on is probably already in the thousands of life-times wasted, and it keeps on growing.
Ah yes, and the problem is the law that protects users' data, and not the companies who couldn't care less about privacy.
The one on https://gdpr.eu/ is very well done. It does not break the law.
It's an example of excellence others should follow. Unintrusive. As easy to opt out as to opt in. Clear buttons, simple language. Clear text. If you prefer to ignore the banner that's fine too. On desktop it's unintrusive and you can just ignore it. I tried scrolling, it just stays out of the way. Each button is clear: "Ok", "No", "Privacy policy". Perfect. (It could be better on mobile for size, but it's still easy to click away.)
No dark patterns, dirty tricks, misleading controls, no "yes means no" controls, no "visit our 1000 partner sites to opt out" insanity, no other dirty tricks. You will not "accidentally" end up tracked when you didn't want to be. You will not be misled into believing a 70% screen size, deliberately slow panel is required.
Panels on other sites are deliberately slow and harder to opt out of. They want you to be annoyed. That's because they want you to believe the GDPR requires stupid, slow, large, intrusive, complicated banners. So that you will tell everyone how bad the GDPR is. But the GDPR doesn't require those things. In fact, when you see a banner that says "due to the GDPR we must..." it is often a straight up lie, and parts of the banner are against the law, not required by it.
https://gdpr.eu/ - thanks for highlighting that great example. I will take that as inspiration next time I need a good quality, sleek, fast, easy, compliant and user-friendly banner.
Such banners are not required, though. My sites don't have cookie banners and that's fine. They don't track users against the expectations of the users. My sites do have optional logins, user identification, and use cookies for those things, but logins don't require cookie banners because people expect their identity to be tracked by the act of logging in. And, importantly, their identity is used only for what users would expect. My sites do have basic request logging and monitoring too, as you would expect for security and ops, but again those don't require cookie banners if they are done respectfully.