Expression of Interest (EOI) at Malaria Consortium


Malaria Consortium invites interested and registered Data Protection Compliance Organization(s) to express interest by submitting EOI documents for the conduction of an annual privacy and data protection audit service:

Malaria Consortium is one of the world’s leading non-profit organizations dedicated to the comprehensive control of malaria and other communicable diseases in Africa and Southeast Asia. Malaria Consortium works with communities, government and non-government agencies, academic institutions, and local and international organizations, to ensure good evidence supports delivery of effective services, providing technical support for monitoring and evaluation of programmes and activities for evidence-based decision-making and strategic planning. The organization works to improve not only the health of the individual, but also the capacity of national health systems, which helps to relieve poverty and support improved economic prosperity.

Applications are invited for:

Title: Request for Expression of Interest (EOI) – Request for NITDA Licensed Data Protection Compliance Organization Services for the Provision of Annual Privacy and Data Protection Practices Audit to Malaria Consortium

Rationale

According to the Nigeria Data Protection Regulation, every organization in Nigeria is required to conduct Data Privacy Audits once annually and a report of the conducted audit be submitted to the National Information Technology Development Agency (NITDA), Malaria Consortium is thus looking for registered Data Protection Compliance Organization to conduct an annual privacy and data protection audit service.

Objective of the Service Request

  • Conduct an annual privacy and data protection audit service in line with industry standards and best practices per Nigeria regulatory guidelines ensuring quality delivery.

Key Activities for the Service Provider
Key activities include:

  • Compliance audit and report filing:
    • Conduct an audit of the organisation’s privacy and data protection practices for the year 2021;
    • Submit a summary of the audit containing information as stated in 4.1(5) of NDPR 2019 to the National Information Technology Development Agency (NITDA);
  • Remediation support
    • Prepare and present a remediation plan to remediate identified noncompliance
  • Data Protection Impact Assessment
    • Evaluate the status of data protection compliance
    • Identify nonconformity and non-compliance risks in the organization before filing
    • Provide suggestion of mitigating actions against the identified risks
  • Training and capacity development
    • Assess the level of awareness of top management in respect of NDPR Compliance practice and training

Expected Output / Deliverables

  • Assessment review and identification of all processes that transact on personal data in the agency
  • Reviewed existing control system and provide report on its level of compliance with the NDP Regulation
  • Assessment of all third party engagement and controls around the protection of personal data
  • Preparation of management report with respect to the data audit findings
  • Provision of necessary recommendations along with a timeline geared towards bridging the gaps that are not compatible with the data protection regulation
  • Where necessary provide advice on the set up of a data protection unit within MC
  • Submission of exception report to the management highlighting possible data breach points that could compromise personal data and associated remedial actions
  • Develop a data privacy policy framework for the activity within Nigeria

Mandatory Requirements (Without which companies will be disqualified)

  • Evidence of registration with Corporate Affairs Commission.
  • Proof of tax remittance (Tax Clearance Certificate) for the last three years
  • Proof of VALID license with NITDA

Required Documents for Selection
The Service Provider shall submit the following in addition to the Mandatory requirements, but not necessarily be limited to:

  • Proof of relevant experiences- Demonstrated service delivery capacity for Data protection audit services for similar Non-Governmental Organizations (NGOs) and non-profit organizations within the last two years (2020-2021).
  • Include information on your capability of providing quality audit services -Question 1 of the BRD
  • Proof of past experience by provision of 3 contracts/P.O’s from similar Non-Governmental Organizations (NGOs) and non-profit organizations
  • Fully Complete information in below Annex and Bidder Response Document attached to the EOI
  • Positive Reference letter from not less than three similar clients (INGOs, public health).

Application Closing Date
27th April, 2022.

Submission of Documents
Applications for EOI accompanied by the relevant documents should be sent by email to: [email protected] and in the subject field state the following: MC-NG- EOI – Privacy and Data Protection Audit.

Click Here
 (MS WORD) for a detailed description of the EOI.

Related Document: Bidder Response Document (MS WORD).