I'm all in for simple solutions and showing transparency about how user data is handled is imho in the sense of the GDPR.
In terms of cookies it seems to me the way to comply best with is, grouping cookies for example by required/functional/advertising and to let the user decide what is acceptable. Also sending a user to the browsers cookie settings and expect to manage his gazillions of cookies there, isn't acceptable in the probably near future.
There are already some commercial solutions to kind of allow this (not advertising any of the shown services)
Not knowing all of the technical implications, can somebody explain what's necessary to make something this possible within Plone and are there maybe already OSS solutions for it?