Privacy by design is introduced in the Article 25 of the GDPR, it aims at building data privacy and data protection instruments, strategies and policies up front, into the design specifications and architecture of information and communication systems and technologies of the company.
Privacy by design states that any action a company or organization takes regarding personal data processing should take into consideration data protection and data privacy principles.