We will address the complex GDPR challenges for developers as part of a Secure Development Lifecycle. This will cover:

• GDPR requirements covering design, data lifecycle, users and end-of-life aspects
• Privacy by Design challenge
• Including GDPR in the Secure Development Life Cycle
• Mapping OWASP SAMM to the GDPR
• Integrating privacy in application security classification, awareness training, guidelines, AppSec champions, threat modeling, 3rd parties, security testing and incident management
• Introducing GDPR risk patterns

The talk will focus on practical implementation aspects and demonstrations of real-life use cases encountered in our software security and privacy projects.

Sebastien Deleersnyder (@SebaDele), Managing Application Security Consultant at Toreon, will share his practical experience with secure development and privacy challenges. Sebastien led engagements in the domain of ICT security, Web and Mobile Security with several customers in the private and public sector. Sebastien is the Belgian OWASP Chapter Leader, served as vice-chair of the global OWASP Foundation Board and has given several public presentations on Web Application, Mobile and Web Services Security. Furthermore, Sebastien co-founded the yearly BruCON conference.

(Attached is the version as delivered in Feb-2018, which will be updated for the AppSec Europe conference.)