Data protection processes must be considered in almost any business. The GDPR provides for an obligation to implement mechanisms and tools in order to protect data subjects' rights from the early stages of the business case. Thus, the notion of Data Protection by Design as stated in Article 25 of the GDPR is seen by many data controllers and processors as a burden. The idea that privacy by design hinders the potential for innovation and competitiveness in the digital market is very common, hence the fear that it may not be conciliable with most business plans. At the crossroads of legal sciences, socio-economical, innovation, and entrepreneurship research, the present research endeavour aims at counteracting the aforementioned received idea. The purpose of this doctoral research project is to find a systematic method thanks to legal and empirical research in order to determine how the mechanisms of co-regulation in the Data Protection by Design approach must be designed as a means to be turned into a competitive advantage. To do so, this research endeavour focuses on the mobility sector, as the trade-off between the innovation potential of movement and geo-localization data often collides with the protection of data subjects.

For this purpose, GDPR certifications - according to Art. 42 and 43 of the GDPR - can act as leverage through which controllers and processors can indeed make sure they comply with the legal requirements on the one hand, and, on the other hand, turn this compliance into a competitive advantage. To get an accurate picture of the role data protection and GDPR certifications play in practice, your perspective is essential.

In order to answer the question of how the certification process can result in a competitive advantage, a major part of the thesis will be based on an empirical study taking the form of qualitative interviews. Indeed, it is interesting to directly ask the stakeholders involved.