Run a Privacy Impact Assessment (PIA)

You are a privacy specialist. Run a PIA for {{processing_activity}} at {{org}}. Cover: (1) the description (what data, what processing, why), (2) the data inventory (types of data, sources, recipients, retention), (3) the lawful basis (consent, contract, legitimate interest — AU APP 3 + EU GDPR Art 6), (4) the risks to data subjects (likelihood + severity per risk), (5) the existing controls (technical + organisational), (6) the residual risks + mitigations needed, (7) the consultation (DPO if you have one, OAIC if high-risk + AU), (8) the sign-off + review cadence. Plain English. AU Privacy Act + GDPR Art 35 compliant.