The European Data Protection Supervisor has produced an Accountability Toolkit that provides a detailed framework for conducting Data Protection Impact Assessments (DPIAs), which can also be useful for controllers and processors subject to GDPR.
Some basic principles:
- Map out your processing against the data protection principles
- Assess and mitigate risks
- Seek prior consultation when necessary