The African Reinsurance Corporation (Africa Re) is the leading African reinsurance company with headquarters in Lagos (Nigeria). Africa Re has six regional offices: Casablanca (Morocco), Abidjan (Côte d’Ivoire), Nairobi (Kenya), Lagos (Nigeria), Cairo (Egypt) and Ebene (Mauritius). The Corporation equally has two subsidiaries: African Reinsurance Corporation South Africa Ltd in Johannesburg (South Africa), Africa Retakaful in Cairo (Egypt) and one Local Office in Addis Ababa (Ethiopia). Africa Re has a broad-based shareholding comprising 41 African member States, the African Development Bank (AfDB), 111 African insurance and reinsurance companies and three non-regional shareholders, including leading global insurers and reinsurers. The Financial Strength and Credit Rating of Africa Re is A by A.M. Best and A – by Standard & Poor’s.
The intent of this Request for Proposals (RFP) or Solicitation is to secure competitive proposals for the provision of data protection compliance services that will support and foster Africa Re’s compliance with existing key legislations requirements across the Corporation’s operational environment as well as with the Global Data Protection Regulation (GDPR).
This will include Data Protection Compliance Assessment, Personal data Inventory, Data Protection Impact Assessment (DPIA), Training and Capacity Building, Implementation of Data Protection Compliance (Drafting the Corporate Data Protection Policy in line with applicable key regulatory requirements, drafting the Data Protection Governance Model and documenting roles and responsibilities for data protection functions, etc.).
Africa Re’s operational environment is characterized by evolving and diverse legislation and regulation requirements. The main objectives pursued through these regulations are:
• Giving citizens more control over their personal data with a view to catering for growing privacy protection aspirations.
• Introduce new rights for citizens (right to portability of personal data, right to be forgotten) in today’s data-driven world.
• Increase awareness of data regulation through a system of penalties (fines).
Furthermore, the EU General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of EU residents and came into effect from May 25, 2018. The GDPR applies to any organization, regardless of their geographic location; who are either “Controller” (i.e. public authority, agency or other body who determines the purposes and means of the processing of personal data) or “Processor” (i.e. public authority, agency or other body which processes personal data on behalf of the controller), of the data of EU residents.
At the Corporation level, we collect and process personal data as we deal with EU organisations (Reinsurance Intermediaries, Retrocessionaires, Life Reinsurance business, etc.). Data may also be shared with vendors/third-party for outsourced activities.
Africa Re operates in a number of countries and jurisdictions. Multiple data protection laws may apply for jurisdictions in which we write business, those stated specifically on underwriting policies, or transactions with nationals from an applicable country. However, Africa Re is an organization with various immunities and privileges and this may influence the scope of applicability of the aforementioned legislations or regulations.
Consequently, to respond to these challenges and mitigate potential risk of non-compliance, the underlying main objective behind this RFP is to seek a detailed technical and commercial proposal for hiring of Consultant for carrying out an Applicability Assessment, Gap Assessment, and other relevant assessments. The Consultant shall then recommend measures to be implemented to make the Corporation fully compliant with the key data protection legislations surrounding its operational environment.
EXTENDED DEADLINE FOR PROSAL SUBMISSION: 27 APRIL 2021