I’ve seen two extreme approaches to GDPR. One typical claim is that the skies are falling, nothing can be done with data anymore, and nothing can be collected from users. The other extreme is saying: This does not apply to us, nothing will change. Both are wrong. Best protection is to get some more knowledge, and good place to start is to educate yourself. Read up on what you can. Some details will probably become more clear in years to come, but the big guidelines are already there. To keep this somewhat short, I will not be talking about organization level view, or existing software, but I will be concentrating on creating something new in year 2018.