Yeah it’s not that big of a deal really. Mostly overseas there’s stringent laws but overall it’s about what you as company or organization do and how you handle customer data. Basically, if you don’t handle any of that, it’s just respectful and best practice to let the customer know your site collects cookies to operate. If the visitor doesn’t want cookies they click deny, which would need custom coding on your part.
That’s pretty much it. Nothing complicated. Unless you’re a medical practice, etc. Then you’re doing something completely different. Otherwise a simple notification is enough.