REOI_ Data Protection Specialist – deadline extension, Ref. No. RS-NCD-96040YF-CS-IC-25-4.31

Republic of Serbia

Ministry of Health

Serbia Noncommunicable Diseases Prevention and Control Project

Loan No. 96040-YF, Project ID P180619

 

 

REQUEST FOR EXPRESSIONS OF INTEREST

(CONSULTING SERVICES – SELECTION OF INDIVIDUALS,

NATIONAL, PART TIME)

 

 

 

Country:                    The Republic of Serbia

Name of Project:       Serbia Noncommunicable Diseases Prevention and Control Project

Loan No.:                   96040-YF

Assignment Title:      Data Protection Specialist

Reference No.:           RS-NCD-96040YF-CS-IC-25-4.31

Date of initial publication:                            18 February 2025

Date of publication of deadline extension:   4 March 2025

 

 

Revised notice – extension of EOI submission deadline

 

This is a repeated request for the expression of interest (REoI). The initial REoI was published on February 18, 2025. Individual consultants who have previously submitted their EoI for this assignment will be duly considered and do not need to reapply.

 

The Republic of Serbia has received financing from the World Bank for the Serbia Noncommunicable Diseases Prevention and Control Project (SNDPCP) and intends to apply part of the proceeds for consulting services: Data Protection Specialist.

 

The overall objective of the assignment is to assist the Ministry of Health (MoH) on data protection issues related to digital health systems to be implemented by the Project.

 

The main activities of this assignment include, but are not limited to the following:

 

  • Ensuring compliance with data protection laws and regulations (GDPR and national laws), with a primary focus on safeguarding personal data and ensuring that data are processed and stored securely, in accordance with applicable laws.
  • Identifying and documenting the flow of personal data within the digital health systems to be implemented by the Project, including its sources, processing activities, and storage locations.
  • Implementing and managing data security measures to protect sensitive data from unauthorized access or breaches. Regularly reviewing and enhancing data encryption, access controls, and other security protocols.
  • Serving as the primary contact for data protection incidents, coordinating the Project's response and ensuring compliance with reporting requirements.
  • Assessing and monitoring the data protection practices of third-party vendors and service providers. Ensuring that contracts with third parties include data protection clauses and compliance requirements.
  • Conducting data protection awareness programs to educate Project team and stakeholders about best practices for data protection.
  • Managing data subject requests, such as access requests, deletion requests, or rectification requests, and ensuring that they are processed within legal timeframes.
  • Analyzing data protection risks associated with IT activities on the project.
  • Cooperating with cyber/digital security specialist to ensure comprehensive data protection and security measures.

 

The detailed Terms of Reference (TOR) for the assignment can be found at the following website:  https://www.zdravlje.gov.rs/tekst/426135/oglasi.php

 

On behalf of the Ministry of Health of the Republic of Serbia, the Project Coordination Unit now invites individual consultants to indicate their interest in providing the Services. Interested individual consultants should provide Cover Letter and CV in the English language, with information demonstrating that they have the required qualifications and relevant experience to perform the Services (scanned diplomas and certificates to be sent with CV).

 

The consultant should possess the following qualifications and experience:

 

  • Bachelor's or Master's degree in relevant field, such as information security, data privacy, or law
  • Minimum 10 years of work experience in IT sector
  • Knowledge of MoH's, HIF's and IPHS's information system is required
  • In-depth knowledge of data protection regulations, at least GDPR and relevant national laws
  • Good command of written and spoken English and Serbian language
  • Previous experience in projects financed by the World Bank or the IFIs would be an advantage
  • At least one certificate in the field of data protection (CIPP, CIPM, CIPT, CISSP, or equivalent)
  • Experience with GDPR, ISO/IEC 27001 or relevant certification processes will be considered an advantage. 

 

The evaluation of the received EOIs will be based on the following selection criteria:

  • Specific experience relevant for the assignment                        60 points
  • Qualifications for the assignment                                           40 points

 

The attention of interested Consultants is drawn to Section III, paragraphs 3.14, 3.16, and 3.17 of the World Bank's "Procurement Regulations for IPF Borrowers", September 2023 ("Procurement Regulations"), setting forth the World Bank's policy on conflict of interest. 

 

A Consultant(s) will be selected in accordance with the IC (Individual Consultants) method set out in the Procurement Regulations. Further information can be obtained at the address below during office hours: 09.00–15.00.

 

Expressions of interest, must be submitted in written form to the address below (in person or by mail or e-mail) by 14 March 2025.

 

 

Primary Health Center Savski venac

Dom zdravlja Savski venac

Ms. Žana Cvetković, Procurement specialist

Serbia Noncommunicable Diseases Prevention and Control Project

Pasterova 1 Str., 11000 Beograd

The Republic of Serbia

E-mail:  office_pcu@zdravlje.gov.rs

 

ToR_Data protection specialist