Reading time: 5 minutes

It is important for your business to understand the Consumer Data Right (CDR) and how it will impact on your business. Initially, the CDR will apply to the banking sector, then rolled out to other sectors thereafter. This article looks at:

  • how the CDR applies to your business;
  • how to become accredited; and 
  • your ongoing accreditation obligations.

What is the Consumer Data Right?

The CDR is a new consumer and privacy law. It is being rolled out across the Australian economy in stages. It will first apply to the banking sector, then the energy sector, followed by the telecommunications sector and any sectors designated by the government thereafter. 

The CDR will provide consumers with a better choice when both selecting and switching providers. This is because it will allow product data to be used on comparison sites. This provides consumers with:

  • the ability to request and receive their consumer data in a usable format; and 
  • the right to request that participating CDR business transfer their data. 

To protect consumer data, the CDR also includes privacy safeguards. A consumer is any reasonably identifiable individual or business under the CDR.

Does the CDR Apply to My Business?

At first, the CDR will only apply in the banking sector. Therefore, if your business is not part of the banking sector or closely related to the banking sector, the CDR is not applicable to your business.

If your business is part of the energy or telecommunications sectors, then it is worth learning more about the CDR in preparation for its application to your sector.

If your business is in, or closely related to, the banking sector then you should consider whether:

  • your business is a data holder; or 
  • you should apply to become a data recipient.

Currently, the Big 4 banks are the only data holders under the CDR. This will be extended to smaller deposit-taking institutions. 

If your business would benefit from receiving consumer data related to financial products, then you may wish to apply to become an accredited data recipient. For example, if you offer a fintech product it may be convenient for your customers to be able to request that their data be sent from their bank to your business. 

How Can My Business Become Accredited?

Becoming accredited requires your business’ primary contact to submit an application via the accreditation portal and to meet certain criteria in that application.

Therefore, the first step for your business is to assess whether you can meet the accreditation criteria and whether the benefit of doing so is worth any costs you may incur. You must also take into account the ongoing compliance obligations attached to accreditation. Failure to comply with the CDR can result in penalties imposed on your business by the regulators.

If you decide to apply to become accredited, unless exempt under the CDR rules, you will need to demonstrate, at a minimum, that you are a fit and proper person and that you have:

  • the required information security to protect CDR data from misuse, interference, loss, unauthorised access, modification or disclosure;
  • an assurance report prepared in accordance with the Australian Standard on Assurance Engagements 3150 Assurance Engagement on Controls;
  • an internal dispute resolution process that meets the requirements in the CDR rules.
  • adequate insurance, or a comparable guarantee, to counter the risk if you breach your CDR data management obligations and a data breach occurs. 

You must also be a member of a recognised external dispute resolution scheme in relation to CDR consumer complaints. For example, for the banking sector, the requirement is to be a member of the Australian Financial Complaints Authority.

You should carefully consider the criteria for accreditation as set out in the CDR rules before applying.

What Are My Business’ Ongoing Accreditation Obligations?

Accredited businesses will have ongoing obligations. At a minimum, you will be required to:

  • have a customer-facing CDR policy in place;
  • keep records of your receipt and use of CDR data;
  • report to the regulators, including in respect of IT security incidents; and
  • submit to audits as required.

You may also take on some data holder obligations, by sharing particular CDR data at particular times.

To ensure you are meeting your ongoing requirements, you should carefully review these requirements. You should then put in place practical procedures and policies so your staff know how to comply with the CDR. Your staff will also benefit from training to supplement your internal documentation. This will be most relevant for staff in:

  • customer-facing roles, which are required to communicate clearly and accurately with customers about the CDR;
  • legal, compliance and risk roles, which are required to guide and monitor the business’ compliance with the CDR; and
  • technical IT roles, which are required to facilitate the technical security requirements and the receipt, storage and transfer of CDR data.

Key Takeaways

If you are from the banking, energy and telecommunication sectors, it is essential to understand how the CDR applies to you. If your business can become accredited and would benefit from doing so, you will need to consider:

  • the application process; 
  • the criteria you must meet; 
  • how to manage the application process; and 
  • your ongoing compliance obligations internally. 

A LegalVision commercial lawyer can help you understand the requirements, and assist in preparing documentation such as your external CDR policy. Just call 1300 544 755 or fill out the form on this page.

Webinars

Redundancies and Restructuring: Understanding Your Employer Obligations

Thursday 7 July | 11:00 - 11:45am

Online
If you plan on making a role redundant, it is crucial that you understand your employer obligations. Our free webinar will explain.
Register Now

How to Sponsor Foreign Workers For Your Tech Business

Wednesday 13 July | 11:00 - 11:45am

Online
Need web3 talent for your tech business? Consider sponsoring workers from overseas. Join our free webinar to learn more.
Register Now

Advertising 101: Social Media, Influencers and the Law

Thursday 21 July | 11:00 - 11:45am

Online
Learn how to promote your business on social media without breaking the law. Register for our free webinar today.
Register Now

Structuring for Certainty in Uncertain Times

Tuesday 26 July | 12:00 - 12:45pm

Online
Learn how to structure to weather storm and ensure you can take advantage of the “green shoots” opportunities arising on the other side of a recession.
Register Now

Playing for the Prize: How to Run Trade Promotions

Thursday 28 July | 11:00 - 11:45am

Online
Running a promotion with a prize? Your business has specific trade promotion obligations. Join our free webinar to learn more.
Register Now

Web3 Essentials: Understanding SAFT Agreements

Tuesday 2 August | 11:00 - 11:45am

Online
Learn how SAFT Agreements can help your Web3 business when raising capital. Register today for our free webinar.
Register Now

Understanding Your Annual Franchise Update Obligations

Wednesday 3 August | 11:00 - 11:45am

Online
Franchisors must meet annual reporting obligations each October. Understand your legal requirements by registering for our free webinar today.
Register Now

Legal Essentials for Product Manufacturers

Thursday 11 August | 11:00 - 11:45am

Online
As a product manufacturer, do you know your legal obligations if there is a product recall? Join our free webinar to learn more.
Register Now

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Jacqueline Gibson
Need Legal Help? Submit an Enquiry

If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.

Our Awards

  • 2020 Innovation Award 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Award 2020 Employer of Choice Winner – Australasian Lawyer
  • 2020 Financial Times Award 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year Award 2021 Law Firm of the Year - Australasian Law Awards
  • 2022 Law Firm of the Year Winner 2022 Law Firm of the Year - Australasian Law Awards