Consultant - Data Protection & Privacy Systems Strengthening - DRC

Information Technology Goma, Congo (the Democratic Republic of)



Mercy Corps is a leading global organization powered by the belief that a better world is possible. In disaster, in hardship, in more than 40 countries around the world, we partner to put bold solutions into action — helping people triumph over adversity and build stronger communities from within.

Mercy Corps has been operating in the Democratic Republic of the Congo (DRC) since August 2007, with a staff of around 500 people and programs focused in Eastern Congo in North and South Kivu, with the overall country goal to support vulnerable communities through crises, while fostering programs that build resilience and promote long-term change. Mercy Corps’ key programming areas include a combination of longer-term development and immediate humanitarian response programs in order to: 

  1. Improve water service delivery and ensuring equitable access to Water, Sanitation and Hygiene services, in urban and rural areas;
  2. Improve food security and nutrition;
  3. Promote diversified livelihoods, economic recovery and development.

Purpose / Project Description:

Mercy Corps’ programs in DRC collect a wide range of data, including personally identifiable and demographically identifiable information. Programs have a range of measures in place for data management and protection that adhere to industry best practice, donor and Mercy Corps requirements, but there is a need for strengthened data protection systems at the country level in order to operationalize the agency’s Responsible Data Policy.

Consultant Objectives:

  1. Review data protection risks across individual programs.
  2. Review, refine and add to existing country-level resources for data protection.
  3. Build capacity of team members in data protection.
  4. Lead the drafting of country-level standard operating procedures (SOPs) for data protection.

Consultant Activities:

The Consultant will:

  • Complete MC Privacy Impact Assessment tool with all programs to map all of the potential data protection risks across a program.
  • Review and update existing Mission-level data protection templates.
  • Develop new Mission-level data protection templates.
  • Train key team members in data protection.
  • Formulate recommendations to inform the drafting of country-level data protection SOPs.

Consultant Deliverables:

The Consultant will deliver the following::

  • Output: Comprehensive mapping of current data protection risks/liabilities on current programs.
  • Output: Third-Party Monitoring DSA (including versions for local and international data-sharing)
  • Output: Consortium partner DSA (including versions for local and international data-sharing)
  • Output: Other DSA templates (including versions for local and international data-sharing)
  • Output: Informed consent templates for different types of data collection
  • Output: Mission-level in-person training for key team members
  • Output: Draft SOPs

Timeframe / Schedule: 

The Consultancy will take place between February and April 2022, with the majority of the time spent in-country; preparation and deliverables finalizing may take place remotely.

The Consultant will report to:

DRC Program Performance and Quality (PaQ) Director

The Consultant will work closely with:

DRC Country Director, DRC Director of Programs, Program Directors, program M&E team members; Mercy Corps HQ Data Protection team. 

Required Experience & Skills:

  • Minimum of 5 years of experience with:
    • Data protection, privacy or responsible data activities, including experience with data privacy/risk impact assessments, data sharing or processing agreements, data processing inventories, incident response, security training, and creating operational guidance
    • Project management and business analysis
    • Large, diverse, geographically dispersed organizations. Experience with international development or humanitarian settings is strongly preferred.
  • Proven communication, presentation, and training skills, with experience conveying complex, nuanced information in a concise manner, for both in person and remote team members.
  • Strong working knowledge of international, regional, and national data protection, privacy and breach notification laws
  • High-level familiarity with a broad range of data protection, privacy and compliance risk areas and mitigation strategies
  • CIPP or CIPM certification, or similar certification is preferred
  • Willingness to work and travel in often difficult and insecure environments
  • Proficiency in English and French (required)

Diversity, Equity & Inclusion
Achieving our mission begins with how we build our team and work together. Through our commitment to enriching our organization with people of different origins, beliefs, backgrounds, and ways of thinking, we are better able to leverage the collective power of our teams and solve the world’s most complex challenges. We strive for a culture of trust and respect, where everyone contributes their perspectives and authentic selves, reaches their potential as individuals and teams, and collaborates to do the best work of their lives. 

We recognize that diversity and inclusion is a journey, and we are committed to learning, listening and evolving to become more diverse, equitable and inclusive than we are today.

Equal Employment Opportunity
We are committed to providing an environment of respect and psychological safety where equal employment opportunities are available to all. We do not engage in or tolerate discrimination on the basis of race, color, gender identity, gender expression, religion, age, sexual orientation, national or ethnic origin, disability (including HIV/AIDS status), marital status, military veteran status or any other protected group in the locations where we work.

Safeguarding & Ethics
Mercy Corps team members are expected to support all efforts toward accountability, specifically to our stakeholders and to international standards guiding international relief and development work, while actively engaging communities as equal partners in the design, monitoring and evaluation of our field projects. Team members are expected to conduct themselves in a professional manner and respect local laws, customs and MC's policies, procedures, and values at all times and in all in-country venues.