I can explain how we are doing it on our Pantheon.io sites. We have partnered with OneTrust and we are using their cookie consent and compliance management tool. It allows us to categorize our cookies into four buckets:
Required (first party - no PII)
Performance (tracking how our site behaves, like Google Analytics)
Functional (changes how the website behaves: fonts, forms etc. Sometimes using a third party)
Tracking (Ad networks etc. Typically third party)
Our cookie banner allows users to head into the compliance preference center and select their choice or to accept all cookies and move on. If someone just closes the banner or chooses to ignore it, we are assuming that they are consenting to the cookies.
This is something we are keeping a close eye on though and working with our legal team to follow best practices.
Very interested in seeing what others are doing to comply.
Dir. of Revenue Systems (sales and marketing)