The General Data Protection Regulation (GDPR) came into effect on 25 May 2018. In the lead-up, organizations struggled to interpret and implement the regulation. In the coming year or two, regulators are likely to refine their guidelines in response to emerging industry practices and cases of breaches. In the meantime, regulators advise organizations to follow “best practices” and maintain an audit trail. What does this mean for web developers? In this talk we give an overview of the main principles of GDPR and their relevance to web development. For front-enders, key issues relate to ensuring users are informed about all use cases for their data, “nudging” users to give informed consent, and how users can exercise their “right to be forgotten.” For back-enders, GDPR especially presents problems concerning data security, data storage, and keeping records of user consent. We describe use cases for back-end and front-end developers working for Symfony and its ecosystem.