Today’s digital Business Models challenge the concept of privacy of the previous century. As a legislative approach to keep up with the rapid technological change, the European Union has passed the General Data Protection Regulation (GDPR), which will be effective in May 2018. For companies, this implies extensive changes in established processes and new organizational duties. With this work, we aim to develop an understanding and concepts that support an organization consisting of people, processes and IT systems in the implementation of privacy regulation. The central result will be patterns, i.e. observed successful approaches of how to address specific requirements of the GDPR.