Privacy Impact Assessments
If your project involves (or is likely to involve) the handling of personal information, you should consider undertaking a Privacy Impact Assessment (PIA) at a sufficiently early stage.
Depending on the nature and scope of your project, it may be sufficient to contact the University’s Right to Information and Privacy Office for advice.
In some cases, a formal PIA may be required, especially in cases where your project:
- is large-scale (for example, the introduction of a University-wide business system); or
- involves:
- personal information of a sensitive nature; or
- the collection of new types of personal information, or a new method or channel for the collection of personal information; or
- potentially contentious use and/or disclosure of personal information.
If your project involves the processing of EU residents’ personal data in respect to a “GDPR activity” of the University, and where that processing is likely to result in a high risk to the rights and freedoms of those individuals, a formal PIA may be a mandatory requirement. Further information should be sought from UQ’s RTI & Privacy Office in such instances.
To determine whether a PIA is required for your project, the first step is to complete a Threshold Privacy Assessment (TPA). Templates and guidance in relation to TPAs and PIAs are available under Staff Resources on UQ's RTI & Privacy website.
For further advice, and assistance, please contact the RTI & Privacy Office.