I have read all of the excellent posts and training here about being GDPR compliant.

I have implemented two actions I believed would be sufficient to be compliant based on my reading.

I generated a Cookies policy using https://cookiepolicygenerator.com/generator which I added to my privacy policy.

I also installed a cookie plugin, https://wordpress.org/plugins/cookie-notice/
which informs all visitors about cookies by displaying a message at the bottom of the page, stating, "We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it." followed by an OK button. The message stays visible at the bottom of the page until the visitor clicks OK.

However when I used Cookiebot - https://www.cookiebot.com to test whether my website is GDPR compliant I received the thumbs down.

According to their documentation ALL the following is required to be compliant:

1) Clear and specific information about data types and purpose of the cookies.
2) Full documentation of all consent given.
3) The possibility that users can opt to reject superfluous cookies and still use the website.
4) The possibility that users can withdraw their consent whenever they want.

CookieBot offers to assist of course. They have a free option if you have one domain as long as you have less than 100 subpages otherwise you have to pay.

So is this really necessary? Is anybody using CookieBot on the free plan? Feedback?

I thought I was across this topic but now I am more confused. Any help is appreciated. Thanks.