With GDPR taking effect in May, it is upping the ante for privacy violations. How does GDPR affect Open Source Projects? Specifically, how to provide Privacy by Design? Our talk will provide insights from both the legal and the technical viewpoint. With GDPR taking effect in May, it is upping the ante for privacy violations. While most of the discussion around GDPR focusses on companies, we want to present the Open Source projects side of things. There are a few variations, such as a software company running a community, and a non-profit organization, i.e. an open source software project and its community. We will focus on the first one, while also providing some advice for the latter. How does GDPR affect Open Source Projects? Specifically, how to provide Privacy by Design? For some time already, organizations (both companies and Open Source projects) started looking for best practises on how to implement one core concept: Privacy by Design. Privacy by Design has been around since the Nineties, devised back then by Ann Cavoukian, Canadian Privacy Commissioner. It is about anticipating and preventing privacy issues before a single line of code is written. This is a concept that is easy to grasp, but hard to implement. Nevertheless, there are plenty of best practices that we can share based on our experiences, implemented in our Open Source software and IT infrastructure, and want to share with a wider audience. Our talk will provide insights from both the legal and the technical viewpoint.