The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. During this talk we'll go through OpenStack configurations and policies to identify sensible areas, discussion what Privacy by Design means in terms of OpenStack, and illustrate best practice to set up a compliant architecture. This session will not go into a legal discussion but will be focused on technical aspects and will try to provide attendees with a set of best practices to adopt while managing their own Openstack cluster.