The GDPR and other laws mandate privacy by design, but the obligation is often vague and challenging to implement without a technical privacy review (TPR). TPRs supplement privacy impact assessments to identify privacy issues early in product development. This checklist offers practical steps for organizations on how to achieve privacy by design through a TPR. It is based on a simulated TPR of an app that uses a large language model, and leverages information contained in our in-depth articles discussing privacy assessments, privacy operations and auditing, data governance, vendor risk and product counseling. See “How to Achieve Privacy by Design With a Technical Privacy Review” (Apr. 17, 2024).