Call for Consultant - Data Protection Policy and Procedures

About ABAAD

ABAAD– Resource Center for Gender Equality is a UN ECOSOC accredited organization that aims to achieve gender equality as an essential condition to sustainable social and economic development in the MENA region. ABAAD advocates for the development and implementation of policies and laws that enhance women’s effective participation, through a rights-based approach that would bring about tangible change to gender justice. With the purpose of ending gender-based violence, ABAAD adopts a holistic care approach to provide protection and support services to GBV survivors/right holders during times of peace, war and disasters since 2011.

Overall goal of this assignment

Developing a robust data protection policy and procedures that aligns with national and international data protection regulations and best practices. The policy should encompass all aspects of data handling within ABAAD from data collection to storage, archiving, accessibility, managing, transfer and destruction, ensuring the safeguarding of rightsholders’ data privacy and security. ABAAD operates 7 model centres, 3 safe shelters and one men centre, across Lebanon through which, specialized prevention and response services are provided to at risk or survivors of GBV.

Timeline

This assignment is expected to be delivered by June 2024

Deliverables

The policy should include:

• Comprehensive assessment of ABAAD current data handling practices across all ABAAD programs (specially case management and HELPLINES’ Call log Data Management) and support units, including Human Resources, MEAL, Accountability, Finance, logistics and procurement.  
• Define clear data protection principles to guide all data handling activities within ABAAD
• Develop guidelines for the ethical and secure collection, processing, and use of data, ensuring consent and purpose limitation
• Outline procedures for secure data storage and archiving, including both online and physical data, to prevent unauthorized access, loss, or breach
• Establish protocols & flowchart procedures for the access, disclosure, and transfer of data within and outside ABAAD, ensuring data is shared securely and lawfully
• Implement auditing measures, including spot checks and regular audits, to ensure compliance with the data protection policy and identify areas for improvement.
• Develop comprehensive security measures for protecting data stored online and physically, addressing potential risks and vulnerabilities & different scenarios’ management
• Ensure the policy respects and protects the rights of data rightsholders, including the right to access, correct, and delete their data
• Define accountability mechanisms for data protection, including procedures for reporting and managing data breaches effectively.
• Develop protocols for secure online data storage to include advanced security measures for protecting data stored online, encryption, secure password policies, and the use of secure, reputable cloud storage services that comply with international data protection standards. The protocol will also specify guidelines for the physical security of data storage devices and facilities to prevent unauthorized access.
• Develop protocols for emergencies (i.e. need for evacuation in times of crisis), prioritization of data to be moved, methods for secure data transfer (e.g., encrypted drives, secure cloud uploads, physical files), and procedures for ensuring the continuity of data protection practices during and after the relocation. The protocols should also address the restoration of data security measures post-crisis and assess any potential data breaches or losses.

• If needed, to develop specific procedures for
  • Model centres
  • Men Centre
  • Jina Dar
  • Safe shelters
  • SAFELINES (central and per area)

SKILLS REQUIRED

• Proven expertise in GBV guidelines, data protection, privacy laws, and security practices.
• Experience in developing and implementing data protection policies, preferably within the non-governmental organizations sector.
• Familiarity with the specific data protection challenges faced by GBV, gender equality and human rights organizations is an advantage.
• Strong analytical, strategic, writing, and communication skills.