The ability to harness technology in crisis management has enabled an increase in wide-scale interagency collaboration. This development has occurred alongside a move to accumulate and analyse crowdsourced responses. Given the scale and the nature of the information accessed and collected, there is a pressing need to ensure that technology is developed in a way that protects the interests of end-users and stakeholders. Privacy impact assessments (PIAs) are increasingly used, in certain jurisdictions legally mandated, in projects to foresee risks to privacy and to plan strategies to avoid these. Once implemented, the EU's General Data Protection Regulation will, in certain circumstances, require the need for a PIA. This study focuses upon the PIA process in an EU-funded project with the aim of developing cloud-based disaster response technology. It introduces the project and then gives a background to the PIA process. Insights and observations are then made relating to how the PIA operates, with the aim of drawing conclusions that can both improve the current project and be transferable to other crisis management-focused projects.