This document provides a framework to assess a specified data processing operation (or a set of specified data processing operations) as to whether data is handled in accordance with the EU directive and to assess whether there is an adequate system of measures and procedures in place to comply with the directive. In addition, this best practice document provides a framework to assess whether the organisation has appropriate control over its personal data protection arrangements.