Terms of Reference
Recruitment of individual consultant to support the Eswatini Data Protection Authority (EDPA) for the Guidelines Development
|
Client Address |
Smart Africa Secretariat 10th Floor, Career Centre Building KG 541 ST, Kigali, Rwanda, PO Box: 4913 Tel: +250784013646| +250 788-300-581 |
|
RFP#: |
139/SA/GIZ-Data Governance/RFP/10/2025 |
|
Budget |
8,500 USD- Fixed Budget Selection |
|
Release date: |
31th October 2025 |
|
Closing date: |
14th November 2025; 5:00 pm (Local time, Kigali) |
|
Contact |
For any questions or enquiries, please write to: tenderenquiries@smartafrica.org |
1. Background
The Smart Africa Alliance is a bold and innovative commitment from African Heads of State and Government to accelerate sustainable socio-economic development across the continent. Its ultimate goal is to transform Africa into a Single Digital Market by 2030.
The Smart Africa Manifesto is anchored on five core principles:
- To place ICT (Information and Communication Technologies) at the center of national development agendas;
- To improve access to ICTs, especially broadband infrastructure;
- To enhance transparency, efficiency, and accountability through ICT;
- To prioritize private sector participation;
- To leverage ICTs in advancing sustainable development.
As of June 2025, the Smart Africa Alliance consists of 40 member states, key international partner organizations such as the African Union Commission (AUC), the International Telecommunication Union (ITU), and global private sector entities. The Smart Africa Secretariat (SAS) is headquartered in Kigali, Rwanda.
2. National context – Eswatini
Eswatini has made significant progress in digital governance with the enactment of the Data Protection Act, 2022 (Act No. 5 of 2022). The Act establishes the Eswatini Communications Commission (ESCCOM) as the Eswatini Data Protection Authority (EDPA). The EDPA is mandated to oversee compliance, regulate data processing, and protect citizens’ right to privacy.
Despite this milestone, assessments have identified pressing capacity gaps, including:
- Lack of sector-specific guidelines tailored to sensitive sectors such as telecommunications, healthcare, and financial services.
- Absence of secure and trusted reporting channels for data misuse and breaches, undermining accountability.
Addressing these challenges will strengthen EDPA’s ability to operationalize the Act, enforce compliance, and build trust among stakeholders.
3. Objectives of the assignment
The overall objective is to provide targeted technical assistance that equips the EDPA to draft and adopt sector-specific codes of conduct and regulatory guidelines for industries such as telecommunications, health, and finance.
4. Scope of Work
4.1. Guideline Development Expert
4.1.1. Purpose of the tool
Sector-specific guidelines and codes of conduct are essential instruments for translating the provisions of the Data Protection Act into actionable, context-relevant rules for regulated industries. These tools provide clarity, reduce ambiguity, and ensure consistent compliance across different sectors. The two targeted sectors are :
- Health: Codes of conduct can guide the secure processing of sensitive medical records, ensure confidentiality, and set standards for informed consent.
- Finance: Guidelines will ensure financial institutions adopt adequate safeguards against fraud, enforce confidentiality of banking data, and align with anti-money laundering (AML) requirements.
4.1.2. Value proposition
These guidelines build trust between regulators, industry, and citizens. They also demonstrate Eswatini’s compliance with AU Data Policy Framework, the Smart Africa Blueprint, and regional instruments (e.g., SADC guidelines). Clear, sector-specific rules reduce compliance costs, avoid regulatory uncertainty, and encourage innovation within a safe and trusted ecosystem.
4.1.3. Consultant’s role and deliverables
- Conduct a desk review of the Data Protection Act (2022) and secondary instruments. • Benchmark against regional and international best practices (e.g., GDPR codes of conduct, AU Data Policy Framework, SADC guidelines).
- Assist the EDPA team in drafting sector-specific guidelines for health and finance, ensuring alignment with local realities.
- Facilitate consultation workshops with EDPA, regulators, private sector, and civil society. • Finalize and publish guidelines after incorporating stakeholder feedback.
- Deliver a capacity-building session for EDPA staff on implementation and oversight of these codes.
5. Expected outputs
- Drafted, validated, and finalized sector-specific guidelines for health and finance. • Training reports for EDPA staff and DPOs.
- Final technical reports summarizing the assignment and providing recommendations for sustainability.
6. Expected Outcomes
- Strengthened regulatory authority and operational capacity of the EDPA.
- Clearer compliance expectations for key sectors (health, finance).
- Greater alignment of Eswatini’s data protection regime with continental frameworks (AU Data Policy Framework, Smart Africa Blueprint).
- Enhanced trust among citizens, businesses, and international partners in Eswatini’s data governance ecosystem.
7. Consultant Profiles
Guideline Development Expert
The consultant will support the EDPA in drafting sector-specific regulatory guidelines tailored to industries such as healthcare and financial services. The consultant must meet the following minimum requirements:
- Advanced degree (Master’s or higher) in Law, ICT Policy, Public Policy, Data Governance, or related field.
- At least 10 years of experience in data protection, privacy, and digital governance. • Demonstrated track record of drafting regulatory instruments, codes of conduct, or sector-specific guidelines in data governance.
- Proven capacity to align national regulatory instruments with international best practices (e.g., GDPR, AU Data Policy Framework, SADC models).
- Strong familiarity with the Eswatini Data Protection Act (2022) and its operational framework. • Practical knowledge of local institutional arrangements in Eswatini’s telecoms, health, and finance sectors.
- Previous collaboration with national regulators or ministries in Eswatini or Southern Africa is an advantage.
- Excellent legal drafting, policy analysis, and stakeholder engagement skills.
- Ability to conduct capacity-building workshops and mentor EDPA staff.
8. Methodology
The consultant is expected to adopt a participatory, context-sensitive, and practical approach, ensuring that deliverables are aligned with Eswatini’s realities while reflecting continental and international standards.
Key methodological steps:
i. Desk Review and Benchmarking
- Review the Eswatini Data Protection Act (2022), current enforcement mechanisms, and sectoral regulations.
- Benchmark against regional (SADC, AU) and international standards (GDPR, OECD, UN guidelines).
ii. Stakeholder Engagement
- Conduct consultations with EDPA staff, sectoral regulators, Data Protection Officers(DPOs), private sector representatives, and civil society.
- Facilitate focus group discussions to capture practical challenges and sector-specific needs.
iii. Drafting and Co-creation
- Draft sectoral codes of conduct and regulatory guidelines with iterative feedback from stakeholders.
iv. Validation Workshops
- Organize multi-stakeholder workshops to present drafts, gather feedback, and buildconsensus.
- Ensure ownership by EDPA and acceptance by sectoral stakeholders.
v. Capacity Building
- Deliver training sessions for EDPA staff and DPOs on the application of guidelines.
- Provide mentoring and coaching for long-term institutional capacity.
vi. Finalization and Handover
- Produce final validated guidelines documents.
- Deliver a training and sustainability report.
viii. Deliverables and timeline
|
Deliverable |
Timeline |
|
Inception Report |
Week 1 |
|
Draft Guidelines |
Week 4 |
|
Validation Workshop Report |
Week 6 |
|
Final Guidelines |
Week 8 |
|
Training & Final Report |
Week 8 |
10. Duration
The consultancy will last two (2) months effective from the contract signing date, and it may be extended based on the mutual agreement of both parties, as deemed necessary.
11. Evaluation method and criteria
The evaluation method employed is the Fixed Budget Selection. The bidders will be evaluated on their technical offers and the highest-ranked among responsive technical proposals that fits within the fixed budget will be selected.
11.1. Technical Evaluation Criteria
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
The financial proposals will be opened for only those firms which secure a minimum score of 75/100 in the technical
evaluation and the highest-ranked among responsive technical proposals that fits within the fixed budget will be selected.
12. Submission Requirements for Technical & Financial Proposals
A specific outline must be followed to facilitate the Smart Africa Secretariat’s review and evaluation of the
responses received.
A response to this RFP must include the following sections in the order listed:
i) A cover letter confirming the consultant’s interest to provide the services required (Only
Individuals are required)
ii) Mandatory Administrative documents
- Identification document (ID or Passport)
iii) A technical proposal containing the following content:
- Executive summary
- Consultants experience/Profile
- Approach and Methodology
- Work Plan / Schedule
- Updated and certified Curriculum Vitae (max 3 pages with relavant experiences) and academic certificates required
- Consultant Certificates or Recommendation letters of successful completion for similar past assignments, duty signed
iv) Financial Proposal containing the following tables.
- Summary of Costs.
- Break down of price per user group on daily rate.
- Break down of remuneration user group on daily rate.
- Reimbursable expenses user group applicable.
- Miscellaneous Expenses if any
Notes
- Indicate your preferred payment terms under financial proposal
- A withholding tax of 15% will be deducted from payments for Consultant not VAT-registered with Rwanda Tax Administration (RRA)
- All Financial Proposals/offers should be password protected and Smart Africa will request for it for bidders who have been qualified in the technical evaluation
- All Financial Offers should be quoted and submitted in USD Currency.
13. SUBMISSION PROCESS
Soft copies of both Technical and financial proposals must be sent to:procurement@smartafrica.org showing each the nature of the offer concerned (technical or financial offer), not later than 14th November 2025 at, 5:00 PM local time (Kigali), addressed to Procurement Office of Smart Africa Secretariat, with subject marked: Ref 139/SA/GIZ-Data Governance/RFP/10/2025:Individual Consultant for the Guideline Development
14. RIGHTS RESERVED
a) This RFP does not obligate the Smart Africa Secretariat (SAS) to complete the RFP process. b) SAS reserves the right to amend any segment of the RFP prior to the announcement of a selected Consultant.
c) SAS also reserves the right to remove one or more of the services from consideration for this contract should the evaluation show that it is in SAS’s best interest to do so.
d) SAS also may, at its discretion, issue a separate contract for any service or groups of services included in this RFP.
e) SAS may negotiate a compensation package and additional provisions to the contract awarded under this RFP.
f) The Smart Africa reserves the right to debrief the applicants after the completion of the process due to expected high volume of applications and avoiding the compromise of the process.
Late proposals will be rejected.
15. VALIDITY
Proposals and quotes must remain valid for 90 days after the date of closing noted above. After, the closing date and time, all proposals received by the Smart Africa Secretariat become its property.
16. ENQUIRIES
Any inquiries will only be received at least 3 working days before the bid submission deadline.
Prospective respondents who may have questions regarding
this RFP may submit their inquiries to tenderenquiries@smartafrica.org
17. ANTI-CORRUPTION
Smart Africa is committed to preventing and not tolerating any act of corruption and other malpractices and expects that all bidders will adhere to the same ethical principles.