The National Institute of Standards and Technology (NIST) has published a catalog of security and privacy controls (SP 800-53 Rev 5) to consider building into information systems and organizations as appropriate for existing risks.

Previously, NIST also prepared supplemental resources such as the Security and Privacy Control Collaboration Index Template, which is a source of inspiration for many GDPR security compliance experts.

In light of the landmark Schrems II decision, the European Certification Institute (EIPACC) has reviewed the Art. 32 GDPR requirements for GDPR certification schemes.

Professor Romeo Kadir 

https://eipacc.eu/regulatory-gdpr-compliance/