Cookies that do not require consent [...] or authentication cookies (when users authenticate themselves on your web site to log in in order to check online services such as their bank account).
Again: are you a lawyer?! If not, in what quality are you advising businesses how to implement such a dangerous law? Have you seen the magnitude of the potential punishment? Will you cover my fines if you're wrong?
Note that putting a “we use cookies” banner on your website will not absolve you from GDPR fines anyway. You still need to adher to the law about informend consent, storing safely etc.
If you are worried about GDPR, by far the safest is to just not collect personal information.
You are correct: implementing GDPR correctly is much, much harder and more expensive than people realise. Cookie banners are just the tip of the iceberg.
A few things not allowed under GDPR:
1. Analytics
2. Third-party resources like fonts or JS libraries
3. CDNs
4. DDOS protection services
And I am sure I am missing many more. I am not a lawyer, but I worked with a few.
It is not about cookies.