Tenders are invited for Recruitment of an Individual Consultant to Support the Eswatini Data Protection Authority (Edpa) for the Whistleblowing Mechanism Location: Kigali Deadline: Friday, 14/11/2025 17:00 1. Background The Smart Africa Alliance is a bold and innovative commitment from African Heads of State and Government to accelerate sustainable socio-economic development across the continent. Its ultimate goal is to transform Africa into a Single Digital Market by 2030. The Smart Africa Manifesto is anchored on five core principles: To place ICT (Information and Communication Technologies) at the center of national development agendas; To improve access to ICTs, especially broadband infrastructure; To enhance transparency, efficiency, and accountability through ICT; To prioritize private sector participation; To leverage ICTs in advancing sustainable development. As of June 2025, the Smart Africa Alliance consists of 40 member states, key international partner organizations such as the African Union Commission (AUC), the International Telecommunication Union (ITU), and global private sector entities. The Smart Africa Secretariat (SAS) is headquartered in Kigali, Rwanda. 2. National context Eswatini Eswatini has made significant progress in digital governance with the enactment of the Data Protection Act, 2022 (Act No. 5 of 2022). The Act establishes the Eswatini Communications Commission (ESCCOM) as the Eswatini Data Protection Authority (EDPA). The EDPA is mandated to oversee compliance, regulate data processing, and protect citizens right to privacy. Despite this milestone, assessments have identified pressing capacity gaps, including: Lack of sector-specific guidelines tailored to sensitive sectors such as telecommunications, healthcare, and financial services. Absence of secure and trusted reporting channels for data misuse and breaches, undermining accountability. Addressing these challenges will strengthen EDPAs ability to operationalize the Act, enforce compliance, and build trust among stakeholders. 3. Objectives of the assignment The overall objective is to provide targeted technical assistance to the EDPA to design a secure, anonymous, and trusted whistleblowing mechanism including policies, workflows, and protocols for reporting data misuse, breaches, and non-compliance. The mechanism should be implementable in the short term through manual or semi-digital processes, with a clear pathway to full digitalization by the EDPA at a later stage. 4. Scope of Work 4.1. Whistleblowing Mechanism Expert 4.1.1. Purpose of the Tool A whistleblowing mechanism provides a safe, trusted, and confidential channel for reporting data misuse, breaches, or unlawful processing activities. In the absence of such a mechanism, citizens, employees, or businesses may hesitate to report violations, leaving breaches undetected and eroding trust in the data ecosystem. 4.1.2. Value Proposition By creating a whistleblowing mechanism, EDPA strengthens its role as a trusted regulator. Such mechanisms: Promote accountability across industries. Protect whistleblowers from retaliation while ensuring anonymity. Enable early detection of breaches and non-compliance, thus preventing systemic failures. Reinforce citizen trust in EDPAs oversight role and Eswatinis digital governance framework. Given current budget constraints, the consultant will not develop a full digital platform immediately. Instead, the consultant will design a mechanism framework (policies, workflows, secure channels like hotline/email/physical drop-boxes) that can be digitalized later. 4.1.3. Consultants Role and Deliverables Assess existing internal reporting mechanisms within ESCCOM and regulated sectors. Design a secure, anonymous reporting mechanism, prioritizing practical and low-cost tools (e.g., confidential hotlines, encrypted email addresses, physical secure drop-boxes). Develop policies and procedures for intake, triage, case handling, escalation, and follow-up. Ensure alignment with international standards (e.g. AU privacy frameworks, EU Whistleblower Directive, etc.). Deliver training for EDPA staff on handling complaints, protecting whistleblowers, and maintaining confidentiality. Conduct an awareness campaign for regulated sectors and civil society to promote uptake of the mechanism. Produce a roadmap for future digitalization of the whistleblowing system (e.g., integration into ESCCOM IT systems). 5. Expected outputs Designed and validated whistleblowing mechanism (manual and semi-digital processes) with supporting templates and procedures. Training reports for EDPA staff and DPOs. Final technical reports summarizing the assignment and providing recommendations for sustainability. 6. Expected Outcomes Strengthened regulatory authority and operational capacity of the EDPA. A trusted channel for reporting misuse and breaches, increasing transparency. Greater alignment of Eswatinis data protection regime with continental frameworks (AU Data Policy Framework, Smart Africa Blueprint). Enhanced trust among citizens, businesses, and international partners in Eswatinis data governance ecosystem. 7. Consultant Profiles Whistleblowing Mechanism Expert The consultant will design a mechanism for secure and anonymous whistleblowing, focusing on compliance and citizen trust. The consultant must meet the following minimum requirements : Advanced degree (Masters or higher) in Law, ICT, Compliance, Public Policy, or Institutional Risk Management. At least 8 years of professional experience in compliance, governance, or risk management. Demonstrated experience in designing accountability frameworks such as whistleblowing or complaint-handling systems. Familiarity with international whistleblowing standards (e.g., OECD Guidelines, Transparency International frameworks) and their adaptation to local contexts. Solid understanding of Eswatinis data protection ecosystem, including the role of EDPA, Data Protection Officers, and regulated entities. Experience working with public institutions in Southern Africa is an advantage. Strong technical capacity to design practical, cost-effective mechanisms that can be digitized later. Excellent facilitation and training skills, particularly in sensitive reporting systems and ethics. Ability to produce clear guidelines, process manuals, and awareness-raising materials tailored for national institutions. 8. Methodology The consultant is expected to adopt a participatory, context-sensitive, and practical approach, ensuring that deliverables are aligned with Eswatinis realities while reflecting continental and international standards. Key methodological steps: i. Desk Review and Benchmarking Review the Eswatini Data Protection Act (2022), current enforcement mechanisms, andsectoral regulations. Benchmark against regional (SADC, AU) and international standards (GDPR, OECD, UNguidelines). ii. Stakeholder Engagement Conduct consultations with EDPA staff, sectoral regulators, Data Protection Officers(DPOs), private sector representatives, and civil society. Facilitate focus group discussions to capture practical challenges and sector-specific needs. iii. Drafting and Co-creation Design a manual mechanism for whistleblowing (secure and confidential reporting channels) that can later be digitized. Tender Link : https://www.jobinrwanda.com/job/terms-reference-recruitment-individual-consultant-support-eswatini-data-protection-authority
