IMHO, If your site stores cookies on the visitor’s local computer, or if it captures any personal information (newsletter signup, contact forms that ask for name/email), or if the hosting place captures requests in a log, then you need GDPR compliance. Of if you use any analytics information, as in Google Analytics
You can look at what cookies your site stores via your browser’s Developer Tools (usually F12), then look at the Storage tab. You will see cookie values stored. It is probable that your site meets any one of the above conditions.
I needed a simple solution for my site – just a ‘ok’ (positive acceptance) of the use of cookies. There are many plugins to do that, but most (again, IMHO) were a bit too much for my needs. So I wrote my own plugin (“Simple GDPR“) which was released yesterday. It meets (again, IMHO/IANAL) the requirements for GDPR.
As a bonus (because I needed the feature), it will allow you to enter your Google Analytics ID, and then does server-side analytics post to GA. This allows GA data to be captures even if the visitor has ad-blocking (client-side GA tracking via JavaScript is often blocked by ad blockers, so your GA data is not complete).
So, again with the caveats of IMHO and IANAL, I think that all WP (and non-WP site) need to have some sort of GDPR compliance. My plugin (among others) will provide that compliance.
(I discuss this issue in my little blog here http://securitydawg.com/gdpr-and-analytics-and-compliance/ . There are code samples there if you want to roll your own.)