Does GDPR apply to first-party cookies?

Yes, GDPR may apply to first-party cookies. As per the regulation, websites need consent from users before they can use cookies that collect personal data. This rule applies to both first-party and third-party cookies. 

Websites must get clear consent from users before using cookies. But, some basic first-party cookies don’t need consent because they are essential for the website to work. Any cookie that is not essential requires the user’s consent before being used.