(78) 關於個人資料處理之權利及自由保護必須採取適當之科技化且 有組織的措施，以確保符合本規則之要求。為了得以證明符合本規則， 控管者應採取符合特別是設計與預設資料保護原則之內部規則與執 行措施。該等措施得包括但不限於個人資料處理之最小化、盡可能將 個人資料予以假名化、個人資料之處理與作用予以透明化、使資料主 體得以監控該資料處理、使控管者得以創造與提升安全功能。在開發、 設計及選用處理個人資料或透過處理個人資料完成其任務之應用程 式、服務與產品時，產品、服務與應用程式之製造者應被鼓勵在開發 與設計此類產品、應用程式時將資料保護權納入考量，並在考慮適當 之技術狀態下，確保控管者和處理者得以完成其資料保護之義務。在 公開招標之過程中，設計與預設資料保護原則亦應納入考量。
(78) The protection of the rights and freedoms of natural persons with regard to the processing of personal data require that appropriate technical and organisational measures be taken to ensure that the requirements of this Regulation are met.
In order to be able to demonstrate compliance with this Regulation, the controller should adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default.
Such measures could consist, inter alia, of minimising the processing of personal data, pseudonymising personal data as soon as possible, transparency with regard to the functions and processing of personal data, enabling the data subject to monitor the data processing, enabling the controller to create and improve security features.
When developing, designing, selecting and using applications, services and products that are based on the processing of personal data or process personal data to fulfil their task, producers of the products, services and applications should be encouraged to take into account the right to data protection when developing and designing such products, services and applications and, with due regard to the state of the art, to make sure that controllers and processors are able to fulfil their data protection obligations.
The principles of data protection by design and by default should also be taken into consideration in the context of public tenders.
The latest consolidated version of the Regulation with corrections by Corrigendum, OJ L 127, 23.5.2018, p. 2 ((EU) 2016/679). Source: EUR-lex.