As individuals we all want our own personal data to be protected. The university is committed to protecting the personal data which it processes, and consequently all of us as members of staff need to ensure that this happens, when we are processing third party personal data.
This might involve conducting a Privacy Impact Assessment (PIA), which will enable you to fix problems at an early stage, by identifying and minimising privacy risks. A PIA provides reassurance for individuals and for the university, and it may ensure that processes are simplified, and fewer data are collected.
You should consider doing a PIA for the following:
- Projects / plans / proposals
- Administrative systems with privacy implications
- Outsourcing a system to an external supplier
- IT systems, whether designed in-house or by an external supplier
- Sharing personal data with other bodies external to the University
- Surveys, or policies, which might have a privacy implication
- Whenever there is a potential for damage or distress to individuals
To find out whether you need to conduct a PIA, first of all work through the list of screening questions at section 1 of the PIA template form. There is also guidance documentation and a flowchart which sets out clearly when you need to conduct a PIA.
Please note: the new template replaces the existing version and must now be used.
You don't need to conduct a PIA if you are conducting research, and have gone through research ethics processes. Refer to the guidance at the link above for more information.
It may also be necessary to complete an Information Security Checklist
If your project, process or system involves software, or any IT system or product (whether designed in-house or procured externally), the Information Security Checklist should be undertaken.
If you would like more information please contact compliance@gre.ac.uk, or for advice about the Information Security Checklist please email information-security@greenwich.ac.uk.
