This paper takes an initial step forward in bringing to life the
certification mechanisms according to Art. 42 of the General
Data Protection Regulation (GDPR). These newly established
methods of legal specification act not only as a central vehicle
for overcoming widely articulated and discussed legal chal-
lenges, but also as a sandbox for the much needed close collab-
oration between computer sciences and legal studies. In order
to illustrate, for example, what data protection seals could
look like in the future, the authors propose a methodology for
"translating" legal requirements into technical guidelines: ar-
chitectural blueprints designed using legal requirements. The
purpose of these blueprints is to show developers how their
solutions might comply with the principle of Privacy by De-
sign (Art. 25 GDPR). To demonstrate this methodology, the
authors propose an architectural blueprint that embodies the
legal concept of the data subject’s consent (Art. 6 sec. 1 lit. a
GDPR) and elevates best practice to a high standard of Privacy
by Design. Finally, the authors highlight further legal prob-
lems concerning blockchain technology under the GDPR that
will have to be addressed in order to achieve a comprehensive
certification mechanism for Privacy by Blockchain Design in
the future.