Independent General Data Protection Regulations (GDPR) Compliance Assessment
Background and Context
Triggerise Stichting is a Dutch non-profit founded in 2014 that implements health and wellbeing programmes in seven countries, primarily in Sub-Saharan Africa and India. Our Tiko platform has a simple frontend, designed for anyone to use regardless of phone ownership, tech ability, or even literacy. The backend is more complex, providing us with the ability to connect different partners, offers, and services; introduce behavioral nudges and restrictions; and analyze the real-time data. This data enables us to monitor performance; motivate behavior through rewards, reminders, and follow ups; and pay demand generators and service providers based on results. Triggerise’s platform generates real time data, and we continuously use this data to make the programme more relevant to users while prioritizing interventions that data show is most effective. We utilize behavioral insights gleaned from our call centers, rapid evaluations, longitudinal studies, and feedback to improve user journeys and ensure the platform meets the needs and aspirations of end-users.
Scope of Work
When users use Tiko platforms, they are trusting the system with their information. Triggerise understands that this is a big responsibility, and works hard to protect their information and put them in control. Triggerise is also very committed to ensuring that processing of personal data complies with EU General Data Protection Regulations (GDPR). Triggerise is looking for a consultant to conduct a GDPR compliance assessment to independently determine whether our existing controls, policies and procedures demonstrate compliance. In undertaking this task, the consultant will assess GDPR compliance across all Triggerise business units reviewing existing controls, policies, and procedures.
Expected Deliverables
The consultant is expected to:
- Submit a report that summarizes evidence of our compliance, gaps and remediation recommendations.
- To have completed the engagement and provided the deliverables by 15th December 2022.
Required Skills and Expertise
We are seeking a consultant with technical expertise and experience in execute data verification of a system
- Demonstrated experience and expertise in undertaking conducting GDPR compliance audits/assessments for e-data
- Expert command of Excel
- Ability to translate complex inputs and outputs to a non-technical audience
- Ability to respond to comments and questions in a timely, appropriate manner
- Excellent verbal and written communication in English required
Evaluation Criteria
Proposals will be assessed against the following criteria:
Expertise, experience, and composition:
- Expertise and experience in carrying out GDPR compliance audits/assessments for e-data
- Team expertise in undertaking similar work
Total Weight: 40
Strength of the technical proposal:
- Overall strength of proposed methodology, including the ability to address the specific tasks outlined above within the anticipated timelines
Total Weight: 40
Budget:
- Value for money. Maximum available for this consultancy is 8,000 Euros.
- Detailed outline of the cost to conduct the assessment.
Total Weight: 20
How to apply
Firms and individuals are invited to submit proposals for this engagement. Proposals should include all relevant information including proposed approach, workplan, budget, capacity statement, qualifications to undertake the work and references.
The submission must be clear, concise, and complete. Applicants should submit only such information as is necessary to respond effectively to this request for proposals.
All applications should be sent to grants@triggerise.org by the 30th September 2022 with “GDPR compliance assessment” in the subject line.