Consumer Data Right policy

24 Aug 2021

The Consumer Data Right enables businesses to tailor products and services for consumers based on their data.

Strict privacy safeguards are built into the system so consumers can be confident in authorising accredited providers to access their data.

As a business participating in the Consumer Data Right, you must handle CDR data in an open and transparent way.

This includes having a clear and up-to-date Consumer Data Right policy.

Your CDR policy must cover how you manage CDR data, how customers can make an enquiry or complaint, and how they can access and correct their data.

There are six steps to developing a CDR policy.

Step 1 Understand your obligations and how you handle CDR data, so you can accurately describe it to your customers.

The information you must include in your CDR policy depends on whether your business is an accredited data recipient or a data holder.

Step 2 Develop the content, structure and presentation of your policy.

Arrange the information in a way that makes sense.

Consider providing a summary with the key points your customers need to know. You can also use graphics and videos.

Step 3 Write your CDR policy.

Use:

Avoid legal jargon, acronyms and irrelevant information.

Step 4 Test your CDR policy with your likely readers or colleagues.

Your policy should be easy to read and understand.

Step 5 Make the policy publicly available on your website or in your mobile app.

The CDR policy should be prominently displayed, accessible for all customers, and easy to download.

You must provide a copy of the policy if a customer asks for it.

Step 6 Review and update your policy at least once a year.

Ask your customers for feedback and make sure your policy accurately reflects your current CDR practices.

A CDR policy supports open and transparent management of data, which is critical to building trust and engaging customers.

For more information on developing a CDR Policy, visit oaic.gov.au/cdr.