This is a very tricky question, as there are many types of biometric technologies that use different markers, have different error thresholds, and are deployed in different contexts. And, this is not going into multi-modal biometrics or second-generation systems. I delivered classes on biometrics a few years ago and students tended to rely on this report as a good, practical and clear guide:
Consider for the guidance of the privacy and data protection aspect the "Privacy by design" approach. You find a usefull summary at: https://www.enisa.europa.eu/topics/data-protection/privacy-by-design
For validation you do a Privacy Impact Assessment (PIA).