Consultant - Data Protection & Privacy Systems Strengthening - DRC
Mercy Corps is a leading global organization powered by the belief that a better world is possible. In disaster, in hardship, in more than 40 countries around the world, we partner to put bold solutions into action — helping people triumph over adversity and build stronger communities from within.
Mercy Corps has been operating in the Democratic Republic of the Congo (DRC) since August 2007, with a staff of around 500 people and programs focused in Eastern Congo in North and South Kivu, with the overall country goal to support vulnerable communities through crises, while fostering programs that build resilience and promote long-term change. Mercy Corps’ key programming areas include a combination of longer-term development and immediate humanitarian response programs in order to:
- Improve water service delivery and ensuring equitable access to Water, Sanitation and Hygiene services, in urban and rural areas;
- Improve food security and nutrition;
- Promote diversified livelihoods, economic recovery and development.
Purpose / Project Description:
Mercy Corps’ programs in DRC collect a wide range of data, including personally identifiable and demographically identifiable information. Programs have a range of measures in place for data management and protection that adhere to industry best practice, donor and Mercy Corps requirements, but there is a need for strengthened data protection systems at the country level in order to operationalize the agency’s Responsible Data Policy.
- Review data protection risks across individual programs.
- Review, refine and add to existing country-level resources for data protection.
- Build capacity of team members in data protection.
- Lead the drafting of country-level standard operating procedures (SOPs) for data protection.
The Consultant will:
- Complete MC Privacy Impact Assessment tool with all programs to map all of the potential data protection risks across a program.
- Review and update existing Mission-level data protection templates.
- Develop new Mission-level data protection templates.
- Train key team members in data protection.
- Formulate recommendations to inform the drafting of country-level data protection SOPs.
The Consultant will deliver the following::
- Output: Comprehensive mapping of current data protection risks/liabilities on current programs.
- Output: Third-Party Monitoring DSA (including versions for local and international data-sharing)
- Output: Consortium partner DSA (including versions for local and international data-sharing)
- Output: Other DSA templates (including versions for local and international data-sharing)
- Output: Informed consent templates for different types of data collection
- Output: Mission-level in-person training for key team members
- Output: Draft SOPs
Timeframe / Schedule:
The Consultancy will take place between February and April 2022, with the majority of the time spent in-country; preparation and deliverables finalizing may take place remotely.
The Consultant will report to:
DRC Program Performance and Quality (PaQ) Director
The Consultant will work closely with:
DRC Country Director, DRC Director of Programs, Program Directors, program M&E team members; Mercy Corps HQ Data Protection team.
Required Experience & Skills:
- Minimum of 5 years of experience with:
- Data protection, privacy or responsible data activities, including experience with data privacy/risk impact assessments, data sharing or processing agreements, data processing inventories, incident response, security training, and creating operational guidance
- Project management and business analysis
- Large, diverse, geographically dispersed organizations. Experience with international development or humanitarian settings is strongly preferred.
- Proven communication, presentation, and training skills, with experience conveying complex, nuanced information in a concise manner, for both in person and remote team members.
- Strong working knowledge of international, regional, and national data protection, privacy and breach notification laws
- CIPP or CIPM certification, or similar certification is preferred
- Willingness to work and travel in often difficult and insecure environments