Tender for Data Privacy Impact Assessment System

Tender for Data Privacy Impact Assessment System

A Data Privacy Impact Assessment tool is required to meet the requirements of the Data Protection Act 2018.

United Kingdom-Edinburgh: Software package and information systems

2018/S 106-241909

Contract notice

Services

Directive 2014/24/EU

Section I: Contracting authority

I.1)Name and addresses

University of Edinburgh
Charles Stewart House, 9-16 Chambers Street
Edinburgh
EH1 1HT
United Kingdom
Telephone: +44 1316502508
E-mail: george.reid@ed.ac.uk
NUTS code: UKM75
I.2)Information about joint procurement

I.3)Communication

The procurement documents are available for unrestricted and full direct access, free of charge, at: http://www.publictendersscotland.gov.uk
Additional information can be obtained from the abovementioned address
Tenders or requests to participate must be submitted electronically via: http://www.publictendersscotland.gov.uk
Electronic communication requires the use of tools and devices that are not generally available. Unrestricted and full direct access to these tools and devices is possible, free of charge, at: http://www.publictendersscotland.gov.uk

I.4)Type of the contracting authority

Body governed by public law

I.5)Main activity

Education

Section II: Object

II.1)Scope of the procurement

II.1.1)Title:

Data Privacy Impact Assessment System

Reference number: EC0828

II.1.2)Main CPV code

48000000

II.1.3)Type of contract

Services

II.1.4)Short description:

A Data Privacy Impact Assessment tool is required to meet the requirements of the Data Protection Act 2018.

The new EU GDPR regulation was adopted on 27.4.2016. It applies in the UK from 25.5.2018 after a 2-year transition period.

The university is aiming to have an effective way for staff across the University to assess the privacy impact of proposals involving the use of personal data. Under the new Act the University needs to evidence its compliance with data protection legislation.

The University of Edinburgh has elected to carry out this project as an EU tender to reach the widest possible market rather than because the expected value will be over the OJEU threshold for public procurement.

II.1.5)Estimated total value

Value excluding VAT: 1.00 GBP

II.1.6)Information about lots

This contract is divided into lots: no
II.2)Description
II.2.1)Title:

II.2.2)Additional CPV code(s)

48000000

II.2.3)Place of performance

NUTS code: UKM75
Main site or place of performance:

Edinburgh.

II.2.4)Description of the procurement:

The introduction of a Data Privacy Impact Assessment tool is a core part of the University’s strategy to meet the requirements of the Data Protection Act 2018. It will become compulsory for staff across the University to routinely carry these out when using personal data, for example when:

— a Data Privacy Impact Assessment tool is required to meet the requirements of the Data Protection Act.

The new EU GDPR regulation was adopted on 27.4.2016. It applies in the UK from 25.5.2018 after a 2-year transition period.

The university is aiming to have an effective way for staff across the University to assess the privacy impact of proposals involving the use of personal data. Under the new GDPR the University needs to evidence its compliance with data protection legislation.

The tool is required to help staff across the University ensure their projects, strategies and initiatives are data protection compliant from the outset.

The objective is to implement a process based solution to record all Privacy Impact Assessment documentation to meet the requirements of the Data Protection Act.

Due to the Act for each business area retaining / moving / sharing personal info they need to complete a Privacy Impact Assessment. It is generally approved that this is delivered as a software as a service or licences, so each business area can call this off, complete record and it is maintained or published centrally.

The introduction of a Privacy Impact Assessment tool is a core part of the University’s strategy to meet the requirements of the Data Protection Act. It will become compulsory for staff across the University to routinely carry these out when using personal data, for example when:

— building new IT systems for storing or accessing personal data,

— developing legislation, policy or strategies that have privacy implications,

— embarking on a data sharing initiative, or

— using personal data for new purposes.

II.2.5)Award criteria

Criteria below
Quality criterion – Name: Quality / Weighting: 70.00
Price – Weighting: 30.00
II.2.6)Estimated value

II.2.7)Duration of the contract, framework agreement or dynamic purchasing system

Duration in months: 48
This contract is subject to renewal: yes
Description of renewals:

Renewals will be subject to budget and performance and are covered by Regulation 72 (1)(b) Public Contracts (Scotland) Regulations 2015.

II.2.10)Information about variants

Variants will be accepted: no

II.2.11)Information about options

Options: yes
Description of options:

Renewals will be subject to budget and performance and are covered by Regulation 72 (1)(b) by Public Contracts Scotland Regulations 2015.

II.2.12)Information about electronic catalogues

II.2.13)Information about European Union funds

The procurement is related to a project and/or programme financed by European Union funds: no
II.2.14)Additional information

Section III: Legal, economic, financial and technical information

III.1)Conditions for participation
III.1.1)Suitability to pursue the professional activity, including requirements relating to enrolment on professional or trade registers

III.1.2)Economic and financial standing

List and brief description of selection criteria:

Bidders will be required to have a “general” annual turnover threshold value 2 times the value of the contract value (GBP) for the last 3 years prior to the date of the proposed contract award.

Minimum level(s) of standards required:

All bidders must pass the ESPD.

III.1.3)Technical and professional ability

List and brief description of selection criteria:

As stated in the ESPD.

Minimum level(s) of standards possibly required:

As stated in the ESPD.

III.1.5)Information about reserved contracts
III.2)Conditions related to the contract
III.2.1)Information about a particular profession

III.2.2)Contract performance conditions:

Accessibility:

It is a requirement for the performance of this contract that the supplier takes adequate measures to ensure accessibility and conforms to the following standards in contract delivery:

The University has a legal and moral duty to ensure its systems are accessible to the widest possible audience, including disabled users.

As such, we expect bidders to, as far as possible to confirm system compliance with the Web Content Accessibility Guidelines (WCAG) Version 2.0, AA standard (https://www.w3.org/WAI/intro/wcag.php). If the University feels that the bidder has failed to reach a satisfactory level of compliance with these guidelines or is unable to demonstrate and firmly commit to a satisfactory standard being reached prior to the release date of the software within the University it will be excluded from the procurement.

Qualified Bidders will be required to provide a test site for the University’s Accessibility Officer.

III.2.3)Information about staff responsible for the performance of the contract

Obligation to indicate the names and professional qualifications of the staff assigned to performing the contract

Section IV: Procedure

IV.1)Description

IV.1.1)Type of procedure

Open procedure
IV.1.3)Information about a framework agreement or a dynamic purchasing system
IV.1.4)Information about reduction of the number of solutions or tenders during negotiation or dialogue
IV.1.6)Information about electronic auction

IV.1.8)Information about the Government Procurement Agreement (GPA)

The procurement is covered by the Government Procurement Agreement: yes
IV.2)Administrative information
IV.2.1)Previous publication concerning this procedure

IV.2.2)Time limit for receipt of tenders or requests to participate

Date: 20/07/2018
Local time: 12:00
IV.2.3)Estimated date of dispatch of invitations to tender or to participate to selected candidates

IV.2.4)Languages in which tenders or requests to participate may be submitted:

English

IV.2.6)Minimum time frame during which the tenderer must maintain the tender

Duration in months: 3 (from the date stated for receipt of tender)

IV.2.7)Conditions for opening of tenders

Date: 20/07/2018
Local time: 12:00
Place:

Edinburgh.

Section VI: Complementary information

VI.1)Information about recurrence

This is a recurrent procurement: no
VI.2)Information about electronic workflows

VI.3)Additional information:

Exclusion statement Modern Slavery, Blacklisting Equalities Act.

1) Introduction:

The University of Edinburgh is committed to protecting and respecting human rights and have a zero-tolerance approach to slavery and human trafficking in all its forms. The University is also committed to promoting fair working practices and embedding Equality and Diversity across all its work. Bidders and subcontractors engaged in the delivery of this contract may be excluded if they have not met applicable social, environmental and labour obligations, under national, EU and international law. This includes obligations for certain organisations under:

— the Modern Slavery Act 2015 (available at http://www.legislation.gov.ukpga/2015/30/contents/enacted),

— the ILO conventions and other measures listed in Annex x of Directive 2014/24/EU (available at http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014L0024&from=EN),

— the Equality Act 2010 (available at https://www.legislationn.gov.uk/upga/2010/15/contents),

— the Employment Relations Act 1999 (Blacklists) Regulations 2010 (http://www.legislationn.gov.uk/uksi/2010/493/contents/made) — this is grounds for mandatory exclusion or termination of any procurement or contract stage.

At any stage, bidders and/or relevant subcontractors may be required to provide statements and means of proof demonstrating their compliance with these obligations or the reliability of their self-cleansing measures, including the annual statement as provided for by Section 54 of the Modern Slavery Act for organisations with a turnover of 36 000 000 GPB or over.

The buyer is using PCS-Tender to conduct this ITT exercise. The Project code is 10074

For more information see: http://www.publiccontractsscotland.gov.uk/infoCentre.aspx?ID=2

The buyer is using PCS-Tender to conduct this ITT exercise. The Project code is 10074

For more information see: http://www.publiccontractsscotland.gov.uk/info/InfoCentre.aspx?ID=2343

(SC Ref:531153).

The buyer is using PCS-Tender to conduct this ITT exercise. The Project code is 10074

For more information see: http://www.publiccontractsscotland.gov.uk/info/InfoCentre.aspx?ID=2343

(SC Ref:544454).

VI.4)Procedures for review

VI.4.1)Review body

University of Edinburgh
Charles Stewart House, 9-16 Chambers Street
Edinburgh
EH1 1HT
United Kingdom
Telephone: +44 1316502508Internet address: http://www.ed.ac.uk/schools-departments/procurement/supplying
VI.4.2)Body responsible for mediation procedures
VI.4.3)Review procedure
VI.4.4)Service from which information about the review procedure may be obtained

VI.5)Date of dispatch of this notice:

04/06/2018

Enjoyed this post? Share it!