(78) The protection of the rights and freedoms of natural persons in connection with the processing of personal data requires the implementation of appropriate technical and organizational measures to ensure compliance with the requirements of this Regulation. In order to be able to demonstrate compliance with this Regulation, the controller should adopt internal policies and implement measures that comply in particular with the principle of data protection by design and the principle of data protection by default. Such measures may consist of, among other things, minimizing the processing of personal data, pseudonymizing personal data as soon as possible, being transparent about the function and processing of personal data, enabling the data subject to monitor the processing of data, enabling the controller to create and improve safeguards. If applications, services and products are developed, designed, selected and used that rely on the processing of personal data or process personal data in order to carry out their task, the manufacturers of such products, services and applications should be encouraged to take into account the right to personal data protection when developing and designing such products, services and applications, and with due regard to the state of the art, ensure that controllers and processors are able to meet their data protection obligations. The principle of taking data protection into account during the design phase and the principle of data protection by default should also be taken into account in public tenders.