In essence this directive is all about user consent. Any website that captures user information using cookies must first obtain consent from the user.
Any website that employs a tracking cookie is covered by this directive, and many others too, even if they just save a few user preferences. A cookie can be classified as having either first-party or third-party status, depending on which server issues the cookie. Any embedded advertisements, popups and so on will have to be reviewed.
Unfortunately, there's no single clear cut solution to follow. Appropriate action will revolve around how the easy-to-misinterpret rules apply to your own website design. Solutions range from simply displaying a prominent message informing users that tracking is taking place, right up to giving users the opportunity to allow or block each individual piece of information (as in the much cited BT.com solution).
Metanym have a a particularly helpful and informative web page with tools and examples. Plus there's more to read in this BBC news story and the ICO's cookies guide.
Read more analysis posts.