I just inherited the duty of updating content for our small non-profit web site. The site was composed 5+ years ago using Jumla 2.5 and has several 3rd party plug-ins. It also has an external (internationally available) store which is managed through Big Commerce. We dont specifically use cookies, but some of the components apparently do since when I check my browser security/cookies both the main url and the store url show some cookies saved.

Do we have any exposure regarding GDPR?
Do we need some sort of cookie policy banner on the site?
Any other comments or suggestions (how/where to get started) regarding this would be appreciated.