This document outlines policies and procedures for managing data sharing and processing according to GDPR accountability principles. It discusses having: - Review processes to assess legality of data sharing and documentation of decisions - Clear policies and training for staff on data sharing responsibilities - Data sharing agreements signed by senior management that specify roles, purposes, and standards - Procedures to appropriately handle restricted transfers according to GDPR exemptions - Written contracts with all processors that specify obligations, security measures, and assistance in fulfilling GDPR requirements - Due diligence checks on and compliance reviews of processors to ensure protection of data subjects' rights - Consideration of "data protection by design" when selecting third party products and services - Steps