GDPR-compliant, I think.
I use these session cookies:
That's it. They will automatically be removed after you leave the website or are functional, in the sense that the website actually needs them to work properly.
I'm still working on anonymising logfiles. They are automatically deleted after 52 weeks though.