While the EU's GDPR and ePrivacy (now undergoing reform) provide people with additional control over their personal data, they do expect organisations to perform significant adjustments to their processes and workflows and to implement particular measures. Most open-source projects make no exception and are consequently expected to comply with the extensive legal and technical requirements; not to forget software developers, engineers and technologists who are additionally tasked with implementing privacy-enhancing mechanisms. The participants of this session will explore the fundamental requirements of the GDPR and the current ePrivacy Directive and will also discover the important connections between the GDPR and the upcoming ePrivacy Regulation. More importantly, they will be presented with the most frequent Do's and Don'ts of the post-GDPR era. Last but not least, the session will highlight and showcase some of the best practices adopted by the wider free and open-source software community and provide an opportunity to brainstorm about the next steps to further improve compliance.