The task of the Data Protection Officer (or other responsible person) is to monitor that the Data Protection Regulation and other data protection requirements are complied with in the organisation's operations.
In making her assessment, the responsible person shall take into account the risk associated with the processing operations and of the nature, extent, context and purposes of the processing of personal data.
GDPR encourages the introduction of a number of general codes of conduct and certification mechanisms, data protection shields and marks, especially at the European Union level.
The idea behind all of these is to show that the processing is in line with good data processing and data protection requirements. The European Data Protection Council will gather all available certification mechanisms publicly available.