Labels, seals and trustmarks as evidence of a "privacy by design" approach
However, adopting a "privacy by design" approach to manufacturing product or providing services could turn out to be a win-win relationship for businesses and consumers alike. Beyond the threat of sanctions, businesses are offered the opportunity to demonstrate their committment to protecting European values and fundamental rights, and win the trust of their customers.
Supportive of these efforts, the Regulation provides that approved certification mechanisms may be used to demonstrate compliance with the privacy by design principle.
Article 25 of the General Data Protection Regulation requires data controllers to translate data protection principles in technical and organisational measures "both at the time of the determination of the means for processing and at the time of the processing itself". Service providers and products manufacturers targetting European citizens will need to integrate data protection requirements from the inception of building a new service or product.
Practically, this provision calls for the wide adoption of encryption, anonymisation or pseudonymisation techniques and other "Privacy-Enhancing Technologies", depending on the nature of the product and risks for fundamental rights.
Even though supervisory authorities shall take into account the cost of implementation, this essential principle will necessarily entail significant costs for businesses.