Blog: EU Cookies Directive

On 23rd May you're going to need to tell visitors to your website what information you're tracking about them.  From Slashdot:

"The Information Commissioner's Office has, with just over two weeks to go, given its interpretation on what websites must do to comply with new EU regulations concerning the use of cookies. The law, which will come into force on 26 May 2011, comes from an amendment to the EU's Privacy and Electronic Communications Directive. It requires UK businesses and organizations running websites in the UK to get informed consent from visitors to their websites in order to store and retrieve information on users' computers. The most controversial area, third-party cookies, remains problematic. If a website owner allows another party to set cookies via their site (and it is a very common practice for internet advertisers) then the waters are still muddy. And embarrassingly for the Commission — its current site would not be compliant with its new guidelines as it simply states what they do and does not seek users' consent."

As with many regulations that small businesses have to deal with, this is poorly thought out and those managing / creating it don't seem to understand either business or technical realities.  In particular there are two areas of concern:

1. Session cookies - these are stored any time during a browsing session on a site.  They're vital for e-commerce, sites where you log in or indeed any proper functionality.  They shouldn't pass data back to the server about the person, but simply store something called 'state' - which is where a user is inside your website.  After the session ends (which is when a browser is closed or the session times out on the server) these should disappear.  Why these are included in the regulation is a mystery... but they apparently are.

2. Third party cookies - use Google Analytics, Facebook Likes, Google Calendars, YouTube videos - you name any external functionality on your site, you can bet they are also setting cookies.  You need to tell users what they collect too!  It's a bit of a nightmare, and even the ICO doesn't really seem at all clear as to what they are proposing.

What to do?

First, find out what your site is storing on people's computers.  The best way to do this is to open Firefox, go to Tools > Start Private Browsing, go to your website and then go to View > Options / Preferences.  Here you will see a tab called 'Privacy'; open it and see what cookies are stored and from where.

Then you need to do a little write up on your site saying what cookies are stored and from where.
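If you have a long list of cookies, a short script can sort them into the two categories above (session vs. persistent, your own vs. third party) ready for the write up. This is an added example, not part of the original post; it assumes you have noted which host sent each `Set-Cookie` header, and the domain `shop.example`, the other hostnames and the cookie values are constructed sample data.

```python
# Added example: inventory cookies from captured Set-Cookie response headers.
SITE_DOMAIN = "shop.example"  # assumption: the domain of the site being audited

# Constructed sample data: (host that sent the response, Set-Cookie value).
OBSERVED = [
    ("www.shop.example", "SESSID=abc123; Path=/; HttpOnly"),
    ("www.shop.example", "basket=42; Max-Age=2592000; Path=/"),
    ("stats.tracker.example",
     "_vid=9f2; Expires=Wed, 22 May 2013 10:00:00 GMT; Domain=.tracker.example"),
    ("embed.video.example", "pref=hd; Path=/"),
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, lower-cased attribute dict)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def classify(host, header):
    """Describe one cookie: who set it and whether it outlives the session."""
    name, attrs = parse_set_cookie(header)
    host = host.lower()
    # Match the exact domain or a real subdomain, so "notshop.example" is not ours.
    first_party = host == SITE_DOMAIN or host.endswith("." + SITE_DOMAIN)
    # A cookie with neither Max-Age nor Expires is dropped when the browser closes.
    persistent = "max-age" in attrs or "expires" in attrs
    return {
        "name": name,
        "set_by": host,
        "party": "first-party" if first_party else "third-party",
        "lifetime": "persistent" if persistent else "session",
    }


def inventory(observed):
    """Return one row per cookie, third-party cookies listed first."""
    rows = [classify(host, header) for host, header in observed]
    return sorted(rows, key=lambda r: (r["party"] != "third-party", r["set_by"], r["name"]))


if __name__ == "__main__":
    for row in inventory(OBSERVED):
        print("{name:8} {party:12} {lifetime:10} set by {set_by}".format(**row))
```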

There is a grace period from 23rd May - but I'm not sure who that is for.  Us companies trying to find time and technical support to do this, or for the ICO to figure out what a cookie is.
