I've pointed to these folks before; they're a design studio doing excellent work on privacy and consent. Here's a great article at IAPP on how they have analyzed and captured their own use of personal data as GDPR enforcement approaches. It's a microcosm of how big orgs should perhaps be doing it. (And Jim H, they're using GitHub to capture the diffs to their data use statement... :-) )