TERMS OF REFERENCE: DATA PROTECTION & GDPR SPECIALIST
WHO WE ARE
Girl Effect is an international non-profit that builds media that girls want, trust and need. From chatbots to chat shows, TV dramas to tech, our content helps adolescent girls in Africa and Asia make choices and changes in their lives.
We create safe spaces for girls, sharing facts and answering questions about health, nutrition, education, and relationships, empowering girls with the skills to negotiate and redefine what they are told is possible “for a girl”.
Our reach is 20 million and counting. And we’re using technology to reach girls at scale so every girl can choose to be in control of her body, her health, her learning and her livelihood.
Because when a girl unlocks her power to make different choices that change her life, it inspires others to do so too. She starts a ripple effect that impacts her family, her community, her country.
That’s the Girl Effect.
CONTEXT OF ASSIGNMENT
Girl Effect has conducted several global data mapping and GDPR projects since guidelines were published and regulations came into force in 2018. This assignment will consist of a review of current data protection and associated practices and policies, a direct update of these policies, and a review of internal compliance, ensuring that all our projects comply with data protection standards.
We require an analysis of the risks associated with our processing of personal data and areas of weakness that could lead to breaches or compliance concerns.
This work will need to take into account Girl Effect’s central business operations functions such as Operations, HR, IT and Finance as well as our girl-facing digital products that engage with adolescent girls and young women across Africa and Asia through products such as;
Websites and Messaging services (such as Chatbots and SMS)
A data collection app and data hub (TEGA)
Third-party platforms (non hosted) (such as Facebook, YouTube, TikTok, Viamo IVR line).
This is a global consultancy and the consultant can be based anywhere.
CORE INFRASTRUCTURE
All our digital brands and products are supported by a central core infrastructure securely hosted on AWS. Layered onto our infrastructure is our data platform where data from our brands is stored and visualised.
We will take the chosen candidate through a comprehensive view of all our products and brands for the beginning of the project.
EXPECTED COMMITMENT
We envisage this being a 3-month project and are flexible and open to discussing the exact volume of support required as the procurement process progresses.
INTENDED TIMEFRAME
Terms of reference published: 10th August
Deadline for responses (we will assess applications as they are received): 27th August
Supplier selection, contracting and briefing: w/c 30th August
Project commencement: 6th September
SCOPE/KEY DELIVERABLES
You will be required to review, revise and document all data policies, processes and guidance.
Conduct an internal audit and hygiene exercise of our data asset inventory and management systems
Provide training and best practices to ensure ongoing compliance and good data management.
WHO YOU ARE
Skills & Experience:
An organization or individual with a track record of enabling organisations to demonstrate ongoing compliance with evolving data protection laws
An expert in UK GDPR and data protection laws
Verifiable experience in drafting, adapting and updating client-specific data compliance policy documents and processes.
Effective communicator and writer with the ability to synthesize and communicate regulatory requirements and policy in a practical and accessible manner.
REPORTING
This engagement will be managed by the Central FinOps team.
PROPOSAL SUBMISSIONS
Interested suppliers are asked to submit a brief proposal (5-10 pages), setting out:
Their relevant experience in the domain of data protection & GDPR (an added bonus if there is experience working with Data Privacy and Protection for adolescent girls or young women)
Methodology and work plan for performing the assignment;
Detailed reference list indicating the scope and magnitude of similar assignments;
Initial thoughts on a macro approach to completing this engagement
Credentials, experience, or bios of key individuals who would be involved in the engagement, and
A detailed budget proposal. Technical and Financial proposals will need to be submitted as separate documents. Financial proposals will not be opened until the conclusion of the technical evaluation and then only for those proposals that are deemed qualified and responsive.
EVALUATION CRITERIA
The criteria against which proposals will be evaluated are listed below:
A detailed understanding of the consultancy requirements - 10%
Gives a clear outline of approach and ways of working throughout the project - 10%
Demonstrated experience in UK/EU GDPR laws and policy writing and dissemination - 30%
Staff with relevant experience as demonstrated by their CV/bios - 10%
Evidence of a minimum of three contactable references signed - 5%
Clarity of work plan and specific project activities - 5%
Clarity, relevance, reality to market value/ value for money of cost for the assignment (inclusive of any applicable tax).- 30%
GE is not liable for any cost incurred during the preparation, submission, or negotiation of the award/contract. All submitted documentation and/or materials shall become and remain the property of GE.
TAX
Applicants are advised to ensure that they have a clear understanding of their tax position with regards to provisions of the UK jurisdiction tax legislation when developing their proposals.
EQUAL OPPORTUNITIES
Girl Effect is committed to equal opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender, gender identity or expression. We are proud to be an equal opportunity workplace.
We are committed to building an organization that is truly representative of the communities that we serve. To this end, due regard will be paid to procuring consultancy services of organizations and individuals with deep understanding and experience of our programming markets.
SAFEGUARDING
You may be required to undertake safeguarding checks. Shortlisted consultants will be assessed on our organisational values at the interview stage. The successful consultant will be expected to adhere to our safeguarding policy. We encourage you to read and understand our safeguarding policy, the executive summary of which can be found at www.girleffect.org/safeguarding. We have zero tolerance for all forms of violence against children, beneficiaries and staff.
DISCLAIMER
GE reserves the right to determine the structure of the process, number of short-listed participants, the right to withdraw from the proposal process, the right to change this timetable at any time without notice and reserves the right to withdraw this tender at any time, without prior notice and without liability to compensate and/or reimburse any party. GE shall inform ONLY successful applicant(s). The process of negotiation and signing of the contract with the successful applicant(s) will follow.**
How to apply:
**
HOW TO APPLY
Please submit proposals, as described below, to suppliers@girleffect.org by 10 am (GMT) on 27th August latest. Please clearly mark your email with the subject ‘Data Protection & GDPR TOR’’
**