What Is in the New ISO 31700

The ISO (International Organization for Standardization) published the two-part standard ISO 31700-1 and ISO 31700-2 on consumer protection and Privacy by Design for consumer goods and services on 8 February 2023. Corresponding requirements for data protection by design result directly from Art. 25 GDPR. The new ISO standard is intended to help establish a framework for the implementation of Privacy by Design. Initially, the standard is non-binding.

The ISO 31700 standard goes into greater detail than the original 2009 conceptual draft by Ann Cavoukian, then Privacy Commissioner of the Canadian province of Ontario, and now contains 30 requirements instead of the seven principles.

ISO 31700-1 contains general guidance and advice on:

  1. Developing features that enable consumers to enforce their data protection rights.
  2. Assigning relevant roles and powers.
  3. Providing privacy information to consumers.
  4. Conducting data protection risk assessments.
  5. Defining and documenting requirements for data protection controls.
  6. The design of data protection controls.
  7. Data management over the entire life cycle.
  8. Preparing for and dealing with data protection breaches.
