If your project involves (or is likely to involve) the handling of personal information, you should consider undertaking a Privacy Impact Assessment (PIA) at a sufficiently early stage.

Depending on the nature and scope of your project, it may be sufficient to contact the University’s Right to Information and Privacy Office for advice.

In some cases, a formal privacy impact assessment (PIA) may be required, especially in cases where your project:

  • is large-scale (for example, the introduction of a University-wide business system); or
  • involves:
    • personal information of a sensitive nature; or
    • the collection of new types of personal information, or a new method or channel for the collection of personal information; or
    • potentially contentious use and/or disclosure of personal information.

If your project involves the processing of EU residents’ personal data in respect to a “GDPR activity” of the University, and where that processing is likely to result in a high risk to the rights and freedoms of those individuals, a formal PIA may be a mandatory requirement.  Further information should be sought from UQ’s RTI & Privacy Office in such instances.

For advice, assistance and resources regarding PIAs, please refer to UQ’s RTI & Privacy website or contact the RTI & Privacy Office.