In recent years we’ve seen a growing awareness of privacy and security issues, particularly in the wake of seemingly endless data breaches and Edward Snowden’s revelations. After many years of inconsistent legislation, the EU’s powerful General Data Protection Regulation (GDPR) came into force in May 2018, raising privacy and data protection standards dramatically, and increasing exposure for companies both inside and outside the EU. GDPR’s effects are being felt around the world, helping users to regain control of their own data both inside and outside Europe. As part of this, privacy by design provides a primary line of defence between companies and terrible headlines. All too often legal departments have no contact with developers, and the only time the right conversations happen is when something has gone horribly wrong and it’s too late. We need to fix this – developers need to be aware of legal responsibilities because it is implementation details that matter. This talk covers security vs. privacy, what’s in GDPR, controllers and processors, data protection rights and principles, privacy by design, and more. This talk features a special appearance by Privacy Spiderman!