This document provides an overview of the General Data Protection Regulation (GDPR) for identity architects. It discusses GDPR requirements such as data protection impact assessments, data processing records that must be maintained by controllers and processors, and data subject's rights. It also discusses principles of identity and access management design and best practices related to GDPR compliance. Finally, it includes links to Facebook and Google's cookie and data use policies.