Privacy and personal integrity has become a focus topic, due to the upcoming GDPR deadline in May 2018. GDPR puts limits on data storage, retention, and access, and also give users rights to have their data deleted and get information about the data stored. This constraints technical solutions, and makes it challenging to build systems that efficiently make use of sensitive data. This talk provides an engineering perspective on privacy. We highlight pitfalls and topics that require early attention. We describe technical patterns for complying with the "right to be forgotten" without sacrificing the ability to use data for product features. The content of the talk is based on real world experience from handling privacy protection in large scale data processing environments.