Skip to main content

Please be advised that our office will be closed from 5pm – Tuesday, 24 December, and will reopen on Thursday, 2 January 2025.

24 Aug 2021

The Consumer Data Right is designed to encourage competition and innovation and give consumers greater choice and control over their data.

Strict privacy safeguards are built into the system so consumers can be confident in authorising providers to access their data.

As a business operating in the Consumer Data Right system, you must handle CDR data in an open and transparent way.

This is a legally binding requirement set out in the first of 13 CDR privacy safeguards.

Under Privacy Safeguard 1, your business must have a policy that explains how you manage CDR data.

Your CDR policy must cover how customers can make an enquiry or complaint, and how they can access and correct their CDR data.

The policy must be easy to read, up to date and freely available.

Businesses also need to have procedures and systems in place to ensure they meet all their privacy obligations under the Consumer Data Right.

There are four things you can do to help your business meet these obligations.

Embed a culture that respects and protects CDR data.

You could appoint a senior manager to take overall responsibility for CDR data, and appoint an officer to handle day-to-day privacy issues.

Establish robust and effective privacy practices, procedures and systems.

This could include:

  • privacy risk management processes
  • procedures for reviewing and responding to CDR complaints, and
  • training for staff to understand the privacy safeguards.

You should also have a process for customers to easily access and correct their CDR data.

Review and evaluate privacy processes regularly.

Make sure your CDR privacy processes are followed and are up to date.

Enhance your response to privacy issues.

Be proactive, forward thinking and anticipate future challenges.

Make appropriate changes to processes when necessary.

Open and transparent management of data will help your business consider privacy from the start.

Embed, establish, review and enhance your privacy culture and practice, to comply with the privacy safeguards and help your business realise the benefits of the Consumer Data Right

For more information about the Privacy Safeguards, visit oaic.gov.au/cdr.