The European Data Protection Supervisor has produced an Accountability Toolkit that provides a detailed framework for conducting Data Protection Impact Assessments (DPIAs), which can also be useful for controllers and processors subject to GDPR.

Some basic principles:

  • Map out your processing against the data protection principles
  • Assess and mitigate risks
  • Seek prior consultation when necessary

Full details are in this LinkedIn article.