INVITATION TO TENDER – SELECTION OF CONSULTANT FOR DATA PROTECTION COMPLIANCE SERVICES
LAGOS, NIGERIA
CLOSING DATE FOR APPLICATIONS: 2021-04-20
1.0 INTRODUCTION
The AFRICAN REINSURANCE CORPORATION (AFRICA RE) is the leading African reinsurance company with headquarters in Lagos (Nigeria). Africa Re has six regional offices: Casablanca (Morocco), Abidjan (Côte d’Ivoire), Nairobi (Kenya), Lagos (Nigeria), Cairo (Egypt) and Ebene (Mauritius). The Corporation equally has two subsidiaries: African Reinsurance Corporation South Africa Ltd in Johannesburg (South Africa), Africa Retakaful in Cairo (Egypt) and one Local Office in Addis Ababa (Ethiopia). Africa Re has a broad-based shareholding comprising 41 African member States, the African Development Bank (AfDB), 111 African insurance and reinsurance companies and three non-regional shareholders, including leading global insurers and reinsurers. The Financial Strength and Credit Rating of Africa Re is A by A.M. Best and A – by Standard & Poor’s.
The intent of this Request for Proposals (RFP) or Solicitation is to secure competitive proposals for the provision of data protection compliance services that will support and foster Africa Re’s compliance with existing key legislations requirements across the Corporation’s operational environment as well as with the Global Data Protection Regulation (GDPR).
This will include Data Protection Compliance Assessment, Personal data Inventory, Data Protection Impact Assessment (DPIA), Training and Capacity Building, Implementation of Data Protection Compliance (Drafting the Corporate Data Protection Policy in line with applicable key regulatory requirements, drafting the Data Protection Governance Model and documenting roles and responsibilities for data protection functions, etc.).
2.0 PROJECT BACKGROUND
Africa Re’s operational environment is characterized by evolving and diverse legislation and regulation requirements. The main objectives pursued through these regulations are:
• Giving citizens more control over their personal data with a view to catering for growing privacy protection aspirations.
• Introduce new rights for citizens (right to portability of personal data, right to be forgotten) in today’s data-driven world.
• Increase awareness of data regulation through a system of penalties (fines).
Furthermore, the EU General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of EU residents and came into effect from May 25, 2018. The GDPR applies to any organization, regardless of their geographic location; who are either “Controller” (i.e. public authority, agency or other body who determines the purposes and means of the processing of personal data) or “Processor” (i.e. public authority, agency or other body which processes personal data on behalf of the controller), of the data of EU residents.
You need to be logged in to view the rest of the content. Please
Log In. Not a Member?
Join Us
No Comments