Has anyone found a free or low-cost GDPR-compliance solution that works with a small Squarespace site and that is actually compliant with GDPR legal requirements?
After spending the afternoon reading, it doesn't appear that the [cookie banner] GDPR solution that Squarespace makes available to its own customers is compliant. Interestingly, it is also not the one they use for their own corporate website(s).
A cookie banner alone does not meet GDPR requirements. There must be valid, documented, reversible and renewable consent. Consent must be obtained prior to processing, and be transparent and customizable by the site visitor (i.e. necessary cookies, other cookies listed by type). Someone who gave consent must be able to revoke consent. "Documentation" means a secure consent repository/database so that we, as site operators, can provide proof that consent was obtained. The database needs to store a record of each user's consent, including how they consented, exactly what they consented to, and the date/time they gave their consent.
Since I am not an expert in GDPR, there may be other requirements that I missed. My "solution" for the past 3 years has been to turn off all cookies and explicitly state that the site is not intended for site visitors from the EU. This goes against the purpose of the website, and is not a satisfactory solution by any measure.