(77) Guidance on how to implement appropriate measures and demonstrate compliance by the controller or processor - in particular with regard to identifying processing risks, assessing them in terms of the source, nature, likelihood and severity of the risk, and best practices to minimize those risks - may be provided in particular in the form of approved codes of conduct, approved certification, European Data Protection Board guidelines, or through suggestions by the Data Protection Officer. The European Data Protection Board may issue guidelines also on processing operations that are not considered likely to pose a high risk of violating the rights or freedoms of individuals, and indicate what measures may suffice in such cases to address such risks.