The General Data Protection Regulations (GDPR) forms part of the Data Protection laws that are applicable in the UK, the most recent amendment was the Data Protection Act 2018.
The subject of GDPR compliance for websites is vast, and applies to any information processed or captured by websites. Therefore this legislation would apply to cookies if they are capturing personal data. Generally explicit consent needs to be obtained to use/capture personal data.
Further information about GDPR can be found on the ICO website here:
Whilst this information is helpful, you may find your business requires more in depth information.
I would suggest purchasing a book on the subject.
There are lots of GDPR books available, some of which you can find on Amazon here: Amazon GDPR Books
Below is a selection of some of books that some people have found useful:
Free GDPR webinars are available here: https://www.itgovernance.co.uk/webinars/eu-gpdr-webinar