Experts for EU Support to Data Protection in Armenia

EU Support to Data Protection in Armenia

Background:

Armenia adopted its law on Personal Data Protection in 2015, incorporating relevant elements of internationally recognized principles of data protection, including Convention 108+ and some elements of the EU General Data Protection Regulation.

As part of its broader EU integration policy, Armenia has committed to aligning its legislation and practices with European standards in line with commitments under Comprehensive and Enhanced Partnership Agreement (CEPA) and new Partnership Agenda. 

Specifically, the Roadmap for the implementation of CEPA includes specific obligations related to personal data protection. With the development of a new Roadmap currently underway, the protection of personal data once again stands out as a key priority.

In addition, the international agreement on cooperation with Eurojust creates obligations for Armenia in terms of protection of personal data, for the law enforcement and criminal justice sector, including an independent data protection supervisory authority.

The Data Protection Law provides for the establishment of an “authorised body” to “control over lawfulness of processing personal data”. This body is the Personal Data Protection Agency (DPA) established and regulated by the Decision No 734-N of 2-7 2015 of the Government of Armenia which also approves the statute of the Agency.

A recent assessment of the data protection legal framework in the context of the ‘Enhanced Data Protection and Data Flows’ project of the Directorate-General for Justice and Consumers of the European Commission, identified certain gaps in Armenia’s data protection legislation as well as in the capacity of the DPA to implement its tasks and enhance the public awareness on data protection issues. In the broader context of data protection, several systemic challenges persist in the country, particularly, in compliance, enforcement, institutional capacity and digital transformation. Lack of awareness and knowledge on personal data protection regulations among both public and private sector stakeholders can be also mentioned as one of the most significant challenges.

A further gap analysis on the legal framework in terms of alignment both with the GDPR and the Law Enforcement Directive will be conducted by the aforementioned project, and technical support will be provided to support the drafting the required legal texts.

Awareness raising, capacity-building, development of training materials and training on these issues will be required.

Global Objective: To ensure a high level of personal data protection and respect of the right to privacy in the Republic of Armenia

Specific objectives:

• To strengthen the capacity of the national data protection supervisory authority and other relevant stakeholders in enforcing personal data protection in Armenia
• To raise awareness around data protection legislation among policymakers, data subjects, data controllers and data processors and general public.

Requested services, including suggested methodology:

• Assistance in developing of National Strategy on Personal Data Protection 2026 2028
• Assist the Ministry of Justice and the national data protection supervisory authority in drafting relevant legal acts conditioned by the amendments and supplements to the Personal Data Protection (PDP) Law.
• Enhance the institutional and human resource capacity of the data protection supervisory authority through support to policy development, functional restructuring, drafting and implementing training (improved data protection supervision, monitoring and reporting within the data protection supervisory authority). Strategic development plan for the data protection supervisory authority covering the next 3 years shall be designed as part of this activity.
• Increase public awareness and knowledge of public servants on data protection rights, particularly regarding sensitive and biometric data among public officials and private sector. Assist the data protection supervisory authority in implementing three public awareness campaigns aimed at establishing a robust data protection culture in Armenia.

Required Outputs:

• National Strategy on Personal Data Protection for 2026-2028 developed.
• Draft legal acts (exact number to be identified at the inception phase) conditioned by the amendments and supplements to the Personal Data Protection (PDP) Law developed and submitted
• A comprehensive capacity-building programme is developed and submitted to the beneficiary.
• The Contractor provided expert, policy and ad-hoc advice to improve data protection supervision, monitoring and reporting in the data protection supervisory authority, including necessary training. 6-8 one- or two- day training sessions (depending on the subject) to be implemented (exact number to be identified at the inception phase) for indicative number of 15-20 participants.
• Strategic development plan for the next 3 years designed and delivered to the beneficiary.
• A communication and awareness raising action plan for the data protection supervisory authority aimed at increasing awareness and knowledge on data protection rights, particularly regarding sensitive and biometric data is developed. Three public awareness raising campaigns are implemented (through sub contracting).
• One study visit for the Ministry of Justice, data protection supervisory authority and other relevant staff (5 participants for 5 days) organised.

Expertise needed:

1. Data protection expert: Cat. II (>6 years of directly relevant experience), 90 working days
2. Legal expert: Cat. II (>6 years of directly relevant experience), 90 working days
3. Public administration expert: Cat. III (>3 years of directly relevant experience), 35 working days

If you are interested in this opportunity, please email your updated CV and an indication of your desired fee rate to eu-fwc-siea@vjwinternational.com. Please note that only those who meet the minimum requirements will be contacted.