GDPR has brought privacy and security into the spotlight, but it’s still not obvious to developers how to make this a part of everyday development. The term "privacy by design" has been around since 1995, but is only now receiving the attention it deserves, providing a clear set of principles that can be used to embed privacy into development workflows. Modern tools are great at automation, but how can we use them to build auditable privacy into our projects in the same way that we handle documentation and testing? This talk covers a quick overview of GDPR, introduces the seven foundational principles of privacy by design with practical examples, and discusses how these principles can be used to embed privacy at the deepest levels of your applications. There are rumours that there may be a special appearance by Privacy Spiderman!