Follow
Cookies are just a technicality, what GDPR regulates is personally identifiable information - be it a cookie, be it a device fingerprint. At the same time GDPR doesn't require explicit consent for essential data like you don't have to consent to your IP being stored in Nginx logs for a brief period of time or Django setting session cookie.