Consultancy on Data Protection At Global Alliance of National Human Rights Institutions

The Global Alliance of National Human Rights Institutions (GANHRI) is the worldwide membership-based network of national human rights institutions (NHRIs).

GANHRI promotes and strengthens NHRIs to be in compliance with the Paris Principles and provides leadership for the promotion and protection of human rights.

GANHRI provides a framework for NHRIs to work together and cooperate at the international level. We coordinate a wide range of activities, including annual meetings, international conferences, networks, training, and capacity building.

GANHRI works in close partnership with the United Nations Human Rights Office – specifically with the National Institutions and Regional Mechanisms Section (NIRMS) – and with the United Nations Development Programme (UNDP). We also work closely with the four regional networks of NHRIs, in Africa (NANHRI), the Americas (RINDHCA), the Asia Pacific (APF), and Europe (ENNHRI).

GANHRI is registered in Switzerland as a not-for-profit association. Our Head Office is located in Geneva at the Palais des Nations.

To learn more about GANHRI visit our website: www.ganhri.org.

GANHRI is seeking the services of a qualified and experienced service provider to support its data protection and data management needs. This initiative aims to establish a robust framework for data protection compliance, fostering a culture of privacy and security that aligns with GANHRI’s mission to uphold human rights.

1. Objectives

The primary objectives of this engagement are:

• To assess GANHRI’s current data protection practices and compliance level.
• To develop a tailored data protection strategy and governance framework.
• To draft and implement necessary data protection documents and policies.
• To provide ongoing support and advisory services as needed.

1. Scope of Work

The scope of work is divided into two phases: the core phase and the optional support phase.

Phase 1: The Core

1. Preliminary Assessment
   • Conduct an analysis of GANHRI’s data protection practices.
   • Define GANHRI’s data protection priorities through a comprehensive questionnaire.
   • Assess current compliance levels and identify gaps
2. Strategic Workshop
   • Organize and facilitate a half-day strategic workshop (in-person or remotely) to develop GANHRI’s data management program strategy.
   • Collaborate to craft a strategy tailored to GANHRI’s mission and data protection challenges
3. Privacy Notice Drafting
   • Draft a privacy notice tailored to GANHRI’s specific needs.
4. Deliverables
   • Gap analysis report.
   • Document outlining the scope, governance, and strategy of GANHRI’s data protection program.
   • A draft privacy notice.
   • Actionable plan with recommendations for immediate and long-term initiatives.
5. Debriefing
   • Conduct a one-hour debriefing meeting to discuss deliverables and next steps.

Phase 2: Optional Support

1. Internal Documents and Processes
   • Develop internal policies, processes, and procedures on data management.
   • Assist in creating DPIA assessment checklists, templates, and other necessary documentation.
   • Review and advise on agreements and contracts related to data protection.
2. Ongoing Assistance
   • Provide ongoing support and advisory services on an ad hoc basis or through a structured subscription service.

4. Deliverables

• Detailed gap analysis report.
• Strategic document for data protection program governance.
• Tailored privacy notice.
• Actionable plan with recommendations.
• Internal policies, procedures, and DPIA templates (if required in Phase 2).
• Ongoing support documentation and advice (if required in Phase 2).

5. Timeline

• Phase 1: Completion within 6-8 weeks from the start date.
• Phase 2: Timeline to be determined based on the needs identified in Phase 1.

6. Budget

• Phase 1: Estimated between CHF 5000 and CHF 6000 (excluding VAT).
• Phase 2: To be quoted based on specific needs identified during Phase 1.

7. Qualification and Experience

The service provider must demonstrate:

• Proven experience in data protection and management.
• Knowledge of international data protection regulations and best practices.
• Experience working with non-governmental organizations (NGOs) or similar entities.
• Strong facilitation and communication skills.

8. Evaluation Criteria

• Relevant experience and qualifications.
• Understanding of GANHRI’s needs and mission.
• Proposed methodology and approach.
• Cost-effectiveness of the proposal.