top | item 41158538


colimbarna | 1 year ago

Cookie disclaimers are not GDPR. They're also completely optional; you can have a fully functional modern website that stores state in cookies and not put in a cookie banner. Businesses make choices not to do that and we've become stuck at a local suboptimum.


anonzzzies|1 year ago

It depends what you store and what you use it for if it touches the GDPR. You can run entire SaaS products profitably (as we do) without GDPR violations while having no cookie or consent banners. Just don't track users or store information you do not strictly need for your SaaS. Sure there are many more considerations, but this is a basic consideration.

wizzwizz4|1 year ago

> you can have a fully functional modern website that stores state in cookies and not put in a cookie banner.

Strictly speaking, notification before cookies are set is required by the 2002 ePrivacy directive (article 5(3)), which includes cookies (and related technologies) under the banner of the 1995 Data Privacy Directive (later superseded by the GDPR).

The intent of the ePrivacy law is clearly not "have a banner that yells about cookies". The intent is that you only set cookies when someone, say, clicks on the Dark Mode toggle, or does something else that sets a cookie, and that when they do that, they know the data privacy implications.

Traditional uses of cookies aren't affected: "Add to basket? (this uses cookies: learn more)" isn't that onerous, nor annoying. It's a pain for our dark mode toggle, but the law was written back in the day, when the expectation was that we could actually customise our user agents.